Consumer-level devices that track users{\textquoteright} gestures have eased the design and implementation of interactive applications relying on body movements as input.
Gesture recognition based on computer vision and machine learning mainly focuses on accuracy and robustness. The resulting classifiers label gestures precisely once they have been performed, but they provide no intermediate information during execution. Human-Computer Interaction research has focused instead on providing easy and effective guidance for performing and discovering interactive gestures. The compositional approaches developed to solve this problem provide information on both the whole gesture and its sub-parts, but they rely on heuristic techniques with low recognition accuracy. In this paper, we introduce DEICTIC, a compositional and declarative description for stroke gestures, which uses basic Hidden Markov Models (HMMs) to recognise meaningful predefined primitives (gesture sub-parts) and composes them to recognise complex gestures. It provides information for supporting gesture guidance, and it reaches an accuracy comparable with state-of-the-art approaches, as evaluated on two datasets from the literature. Through a developer evaluation, we show that implementing a guidance system with DEICTIC requires an effort comparable to compositional approaches, while the definition procedure and the perceived recognition accuracy are comparable to machine learning approaches.

Machine-learning models have recently been used for detecting malicious Android applications, reporting impressive performances on benchmark datasets, even when trained only on features statically extracted from the application, such as system calls and permissions. However, recent findings have highlighted the fragility of such in-vitro evaluations with benchmark datasets, showing that very few changes to the content of Android malware may suffice to evade detection. How can we thus trust that a malware detector performing well on benchmark data will continue to do so when deployed in an operating environment? To mitigate this issue, the most popular Android malware detectors use linear, explainable machine-learning models to easily identify the most influential features contributing to each decision. In this work, we generalize this approach to any black-box machine-learning model, by leveraging a gradient-based approach to identify the most influential local features. This enables using nonlinear models to potentially increase accuracy without sacrificing interpretability of decisions. Our approach also highlights the global characteristics learned by the model to discriminate between benign and malware applications. Finally, as shown by our empirical analysis on a popular Android malware detection task, it also helps identify potential vulnerabilities of linear and nonlinear models against adversarial manipulations.

},
keywords = {Approximation algorithms, Detectors, Feature extraction, Machine Learning, Malware, Signal processing algorithms, support vector machines},
isbn = {978-9-0827-9701-5},
issn = {2076-1465},
doi = {10.23919/EUSIPCO.2018.8553598},
url = {https://ieeexplore.ieee.org/document/8553598},
author = {Marco Melis and Davide Maiorca and Battista Biggio and Giorgio Giacinto and Fabio Roli}
}
@conference {1422,
title = {F-Measure Curves for Visualizing Classifier Performance with Imbalanced Data},
booktitle = {8th IAPR TC3 Workshop on Artificial Neural Networks in Pattern Recognition (ANNPR 2018)},
year = {2018},
note = {In press},
publisher = {Springer},
organization = {Springer},
address = {Siena},
abstract = {Training classifiers using imbalanced data is a challenging problem in many real-world recognition applications, due in part to the bias in performance that occurs for: (1) classifiers that are often optimized and compared using performance measurements unsuitable for imbalance problems; (2) classifiers that are trained and tested on a fixed imbalance level of data, which may differ from operational scenarios; (3) cases where the preference for correct classification of classes is application dependent. Specialized performance evaluation metrics and tools are needed for problems that involve class imbalance, including scalar metrics that assume a given operating condition (skew level and relative preference of classes), and global evaluation curves or metrics that consider a range of operating conditions. We propose a global evaluation space for the scalar F-measure metric that is analogous to the cost curves for expected cost. In this space, a classifier is represented as a curve that shows its performance over all of its decision thresholds and a range of imbalance levels for the desired preference of true positive rate to precision. Experiments with synthetic data show the benefits of evaluating and comparing classifiers under different operating conditions in the proposed F-measure space over ROC, precision-recall, and cost spaces.},
keywords = {Class imbalance, F-measure, Performance visualization tools},
author = {Roghayeh Soleymani and Eric Granger and Giorgio Fumera}
}
@conference {DBLP:conf/clef/ZhouPRLDG18,
title = {An Interactive Lifelog Retrieval System for Activities of Daily Living Understanding},
booktitle = {Working Notes of {CLEF} 2018 - Conference and Labs of the Evaluation Forum, Avignon, France, September 10-14, 2018.},
year = {2018},
abstract = {This paper describes the participation of the Organizer Team in the ImageCLEFlifelog 2018 Daily Living Understanding and Lifelog Moment Retrieval tasks. In this paper, we propose how to exploit LIFER, an interactive lifelog search engine, to solve the two tasks: Lifelog Moment Retrieval and Activities of Daily Living Understanding. We propose approaches for both a baseline, which aims to provide a reference system for other approaches, and a human-in-the-loop setting, which advances the baseline results.},
keywords = {cbir00},
url = {http://ceur-ws.org/Vol-2125/paper\_160.pdf},
author = {Liting Zhou and Luca Piras and Michael Riegler and Mathias Lux and Duc-Tien Dang-Nguyen and Cathal Gurrin}
}
@conference {jagielski18-sp,
title = {Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning},
booktitle = {39th IEEE Symposium on Security and Privacy},
year = {2018},
note = {Acceptance rate 9.9\%},
abstract = {

As machine learning becomes widely used for automated decisions, attackers have strong incentives to manipulate the results and models generated by machine learning algorithms. In this paper, we perform the first systematic study of poisoning attacks and their countermeasures for linear regression models. In poisoning attacks, attackers deliberately influence the training data to manipulate the results of a predictive model. We propose a theoretically-grounded optimization framework specifically designed for linear regression and demonstrate its effectiveness on a range of datasets and models. We also introduce a fast statistical attack that requires limited knowledge of the training process. Finally, we design a new principled defense method that is highly resilient against all poisoning attacks. We provide formal guarantees about its convergence and an upper bound on the effect of poisoning attacks when the defense is deployed. We evaluate extensively our attacks and defenses on three realistic datasets from health care, loan assessment, and real estate domains.

},
author = {M. Jagielski and A. Oprea and Battista Biggio and C. Liu and C. Nita-Rotaru and B. Li}
}
@conference {DBLP:conf/clef/IonescuMVHEACLK18,
title = {Overview of ImageCLEF 2018: Challenges, Datasets and Evaluation},
booktitle = {Experimental {IR} Meets Multilinguality, Multimodality, and Interaction - 9th International Conference of the {CLEF} Association, {CLEF} 2018, Avignon, France, September 10-14, 2018, Proceedings},
year = {2018},
pages = {309{\textendash}334},
abstract = {This paper presents an overview of the ImageCLEF 2018 evaluation campaign, an event that was organized as part of the CLEF (Conference and Labs of the Evaluation Forum) Labs 2018. ImageCLEF is an ongoing initiative (it started in 2003) that promotes the evaluation of technologies for annotation, indexing and retrieval with the aim of providing information access to collections of images in various usage scenarios and domains. In 2018, the 16th edition of ImageCLEF ran three main tasks and a pilot task: (1) a caption prediction task that aims at predicting the caption of a figure from the biomedical literature based only on the figure image; (2) a tuberculosis task that aims at detecting the tuberculosis type, severity and drug resistance from CT (Computed Tomography) volumes of the lung; (3) a LifeLog task (videos, images and other sources) about daily activities understanding and moment retrieval, and (4) a pilot task on visual question answering where systems are tasked with answering medical questions. The strong participation, with over 100 research groups registering and 31 submitting results for the tasks, shows an increasing interest in this benchmarking campaign.},
keywords = {cbir00},
doi = {10.1007/978-3-319-98932-7\_28},
url = {https://doi.org/10.1007/978-3-319-98932-7\_28},
author = {Bogdan Ionescu and Henning M{\"u}ller and Mauricio Villegas and Alba Garc{\'\i}a Seco de Herrera and Carsten Eickhoff and Vincent Andrearczyk and Yashin Dicente Cid and Vitali Liauchuk and Vassili Kovalev and Sadid A. Hasan and Yuan Ling and Oladimeji Farri and Joey Liu and Matthew Lungren and Duc-Tien Dang-Nguyen and Luca Piras and Michael Riegler and Liting Zhou and Mathias Lux and Cathal Gurrin}
}
@conference {DBLP:conf/clef/Dang-NguyenPRZL18,
title = {Overview of ImageCLEFlifelog 2018: Daily Living Understanding and Lifelog Moment Retrieval},
booktitle = {Working Notes of {CLEF} 2018 - Conference and Labs of the Evaluation Forum, Avignon, France, September 10-14, 2018.},
year = {2018},
abstract = {

Benchmarking in multimedia and retrieval-related research fields has a long tradition and an important position within the community. Benchmarks such as the MediaEval Multimedia Benchmark or CLEF are well established and well served by the community. One major goal of these competitions, besides comparing different methods and approaches, is to create or promote new interesting research directions within multimedia; an example is the Medico task at MediaEval, whose goal is medical-related multimedia analysis. Lifelogging has attracted much attention in the community, as shown by the several workshops and special sessions hosted on the topic, and some lifelogging-related benchmarks already exist, such as the previous edition of the lifelogging task at ImageCLEF. Last year{\textquoteright}s ImageCLEFlifelog task was well received but had some barriers that made it difficult for some researchers to participate (data size, multi-modal features, etc.). ImageCLEFlifelog 2018 tries to overcome these problems and make the task accessible to an even broader audience (e.g., pre-extracted features are provided). Furthermore, the task is divided into two subtasks (challenges): lifelog moment retrieval (LMRT) and Activities of Daily Living understanding (ADLT). All in all, seven teams participated with a total number of 41 runs, a significant increase compared to the previous year.

After more than 20 years of research on Content-Based Image Retrieval (CBIR), the community is still facing many challenges to improve the retrieval results by filling the semantic gap between the user needs and the automatic image description provided by different image representations. Including the human in the loop through Relevance Feedback (RF) mechanisms has turned out to help improve the retrieval results in CBIR. In this paper, we claim that Nearest Neighbour approaches still provide an effective method to assign a Relevance Score to images, after the user labels a small set of images as being relevant or not to a given query. Although many other approaches to relevance feedback have been proposed in the past ten years, we show that the Relevance Score, while simple in its implementation, attains superior results with respect to more complex approaches and can be easily adopted with any feature representation. Reported results on different real-world datasets with a large number of classes, characterised by different degrees of semantic and visual intra- and inter-class variability, clearly show the current challenges faced by CBIR systems in reaching acceptable retrieval performance, and the effectiveness of Nearest Neighbour approaches in exploiting Relevance Feedback.

Learning-based pattern classifiers, including deep networks, have demonstrated impressive performance in several application domains, ranging from computer vision to computer security. However, it has also been shown that adversarial input perturbations carefully crafted either at training or at test time can easily subvert their predictions. The vulnerability of machine learning to adversarial inputs (also known as adversarial examples), along with the design of suitable countermeasures, has been investigated in the research field of adversarial machine learning. In this work, we provide a thorough overview of the evolution of this interdisciplinary research area over the last ten years, from pioneering early work up to more recent work aimed at understanding the security properties of deep learning algorithms in the context of different applications. We report interesting connections between these apparently different lines of work, highlighting common misconceptions related to the evaluation of the security of machine-learning algorithms. We finally discuss the main limitations of current work, along with the corresponding future research challenges towards the design of more secure learning algorithms.

Typosquatting consists of registering Internet domain names that closely resemble legitimate, reputable, and well-known ones (e.g., Farebook instead of Facebook). This cyber-attack aims to distribute malware or to phish the victim users (i.e., steal their credentials) by mimicking the aspect of the legitimate webpage of the targeted organisation.
The majority of the detection approaches proposed so far generate possible typo-variants of a legitimate domain, thus creating blacklists which can be used to prevent users from accessing typo-squatted domains.
Only a few studies have addressed the problem of typosquatting detection by leveraging passive Domain Name System (DNS) traffic analysis. In this work, we follow this approach and additionally exploit machine learning to learn a similarity measure between domain names capable of detecting typo-squatted ones from the analyzed DNS traffic.
We validate our approach on a large-scale dataset consisting of 4 months of traffic collected from a major Italian Internet Service Provider.

The large-scale deployment of modern phishing attacks relies on the automatic exploitation of vulnerable websites in the wild, to maximize profit while hindering attack traceability, detection and blacklisting. To the best of our knowledge, this is the first work that specifically leverages this adversarial behavior for detection purposes. We show that phishing webpages can be accurately detected by highlighting HTML code and visual differences with respect to other (legitimate) pages hosted within a compromised website. Our system, named DeltaPhish, can be installed as part of a web application firewall, to detect the presence of anomalous content on a website after compromise, and eventually prevent access to it. DeltaPhish is also robust against adversarial attempts in which the HTML code of the phishing page is carefully manipulated to evade detection. We empirically evaluate it on more than 5,500 webpages collected in the wild from compromised websites, showing that it is capable of detecting more than 99\% of phishing webpages, while only misclassifying less than 1\% of legitimate pages. We further show that the detection rate remains higher than 70\% even under very sophisticated attacks carefully designed to evade our system.

Nowadays machine-learning algorithms are increasingly being applied in security-related applications like spam and malware detection, aiming to detect never-before-seen attacks and novel threats. However, such techniques may expose specific vulnerabilities that may be exploited by carefully-crafted attacks. Support Vector Machines (SVMs) are a well-known and widely-used learning algorithm. They make their decisions based on a subset of the training samples, known as support vectors. We first show that this behaviour poses risks to system security, if the labels of a subset of the training samples can be manipulated by an intelligent and adaptive attacker. We then propose a countermeasure that can be applied to mitigate this issue, based on infinity-norm regularization. The underlying rationale is to increase the number of support vectors and balance more equally their contribution to the decision function, to decrease the impact of the contaminating samples during training. Finally, we empirically show that the proposed defence strategy, referred to as Infinity-norm SVM, can significantly improve classifier security under malicious label contamination in a real-world classification task involving malware detection.

An ever-increasing part of communication between persons involves the use of pictures, due to the cheap availability of powerful cameras on smartphones and of storage space. The rising popularity of social networking applications such as Facebook, Twitter, and Instagram, and of instant messaging applications such as WhatsApp and WeChat, is clear evidence of this phenomenon, given the opportunity of sharing in real-time a pictorial representation of the context each individual is living in. The media rapidly exploited this phenomenon, using the same channel either to publish their reports or to gather additional information on an event through the community of users. While the real-time use of images is managed through metadata associated with the image (i.e., the timestamp, the geolocation, tags, etc.), their retrieval from an archive might be far from trivial, as an image bears a rich semantic content that goes beyond the description provided by its metadata. It turns out that, after more than 20 years of research on Content-Based Image Retrieval (CBIR), the giant increase in the number and variety of images available in digital format is challenging the research community. It is quite easy to see that any approach aiming at facing such challenges must rely on different image representations that need to be conveniently fused in order to adapt to the subjectivity of image semantics. This paper offers a journey through the main information fusion ingredients that a recipe for the design of a CBIR system should include to meet the demanding needs of users.

In this paper, we present a novel framework that can produce a visual description of a tourist attraction by choosing, from community-contributed datasets, the most diverse pictures that describe different details of the queried location. The main strength of the proposed approach is its flexibility, which permits filtering out non-relevant images and obtaining a reliable set of diverse and relevant images, by first clustering similar images according to their textual descriptions and their visual content, and then extracting images from different clusters according to a measure of the user{\textquoteright}s credibility. Clustering is based on a two-step process where textual descriptions are used first, and the clusters are then refined according to the visual features. The degree of diversification can be further increased by exploiting users{\textquoteright} judgments on the results produced by the proposed algorithm through a novel approach, where users not only provide a Relevance Feedback, but also a Diversity Feedback. Experimental results performed on the MediaEval 2015 "Retrieving Diverse Social Images" dataset show that the proposed framework can achieve very good performance both in the case of automatic retrieval of diverse images, and in the case of the exploitation of the users{\textquoteright} feedback. The effectiveness of the proposed approach has also been confirmed by a small case study involving a number of real users.

Prior work has shown that multibiometric systems are vulnerable to presentation attacks, assuming that their matching score distribution is identical to that of genuine users, without fabricating any fake trait. We have recently shown that this assumption is not representative of current fingerprint and face presentation attacks, leading one to overestimate the vulnerability of multibiometric systems, and to design less effective fusion rules. In this paper, we overcome these limitations by proposing a statistical meta-model of face and fingerprint presentation attacks that characterizes a wider family of fake score distributions, including distributions of known and, potentially, unknown attacks. This allows us to perform a thorough security evaluation of multibiometric systems against presentation attacks, quantifying how their vulnerability may vary also under attacks that are different from those considered during design, through an uncertainty analysis. We empirically show that our approach can reliably predict the performance of multibiometric systems even under never-before-seen face and fingerprint presentation attacks, and that the secure fusion rules designed using our approach can exhibit an improved trade-off between the performance in the absence and in the presence of attack. We finally argue that our method can be extended to other biometrics besides faces and fingerprints.

Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion, and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed. While previous work has mainly focused on devising adversary-aware classification algorithms to counter evasion attempts, only a few authors have considered the impact of using reduced feature sets on classifier security against the same attacks. An interesting, preliminary result is that classifier security to evasion may even be worsened by the application of feature selection. In this paper, we provide a more detailed investigation of this aspect, shedding some light on the security properties of feature selection against evasion attacks. Inspired by previous work on adversary-aware classifiers, we propose a novel adversary-aware feature selection model that can improve classifier security against evasion attacks, by incorporating specific assumptions on the adversary{\textquoteright}s data manipulation strategy. We focus on an efficient, wrapper-based implementation of our approach, and experimentally validate its soundness on different application examples, including spam and malware detection.

We present a poster about a possible cyber-crime attack scenario based on data science, social engineering and open data. We want to raise awareness about the dangers associated with the use of knowledge discovery techniques applied to open data by cyber-criminals. We hope this poster will spark interest in the topic.

A spoof attack, a subset of presentation attacks, is the use of an artificial replica of a biometric in an attempt to circumvent a biometric sensor. Liveness detection, or presentation attack detection, distinguishes between live and fake biometric traits and is based on the principle that additional information can be garnered above and beyond the data procured by a standard authentication system to determine if a biometric measure is authentic. The goals of the Liveness Detection (LivDet) competitions are to compare software-based fingerprint liveness detection and artifact detection algorithms (Part 1), as well as fingerprint systems which incorporate liveness detection or artifact detection capabilities (Part 2), using a standardized testing protocol and large quantities of spoof and live tests. The competitions are open to all academic and industrial institutions which have a solution for either software-based or system-based fingerprint liveness detection. The LivDet competitions have been hosted in 2009, 2011, 2013 and 2015 and have shown themselves to provide a crucial look at the current state of the art in liveness detection schemes. There has been a noticeable increase in the number of participants in LivDet competitions as well as a noticeable decrease in error rates across competitions. Participants have grown from four to the most recent thirteen submissions for Fingerprint Part 1. Fingerprint Part 2 held steady at two submissions in each of the 2011 and 2013 competitions, and had one in the 2015 edition. The continuous increase of competitors demonstrates a growing interest in the topic.

The vulnerability of biometric systems to external attacks using a physical artefact in order to impersonate the legitimate user has become a major concern over the last decade. Such a threat, commonly known as {\textquoteleft}spoofing{\textquoteright}, poses a serious risk to the integrity of biometric systems. The usual low-complexity and low-cost characteristics of these attacks make them accessible to the general public, rendering each user a potential intruder. The present study addresses the spoofing issue by analysing the feasibility of performing low-cost attacks with self-manufactured three-dimensional (3D) printed models on 2.5D and 3D face recognition systems. A new database with 2D, 2.5D and 3D real and fake data from 26 subjects was acquired for the experiments. Results showed the high vulnerability of the three tested systems, including a commercial solution, to the attacks.

Passwords are used for user authentication by almost every Internet service today, despite a number of well-known weaknesses. Numerous attempts to replace passwords have failed, in part because changing users{\textquoteright} behavior has proven to be difficult. One approach to strengthening password-based authentication without changing user experience is to classify login attempts into normal and suspicious activity based on a number of parameters such as source IP, geo-location, browser configuration, and time of day. For the suspicious attempts, the service can then require additional verification, e.g., by an additional phone-based authentication step. Systems working along these principles have been deployed by a number of Internet services but have never been studied publicly. In this work, we perform the first public evaluation of a classification system for user authentication. In particular: (i) we develop a statistical framework for identifying suspicious login attempts; (ii) we develop a fully functional prototype implementation that can be evaluated efficiently on large datasets; (iii) we validate our system on a sample of real-life login data from LinkedIn as well as simulated attacks, and demonstrate that a majority of attacks can be prevented by imposing additional verification steps on only a small fraction of users; and (iv) we provide a systematic study of possible attackers against such a system, including attackers targeting the classifier itself.

Governments need reliable data on crime in order both to devise adequate policies and to allocate the correct revenues, so that the measures are cost-effective, i.e., the money spent on prevention, detection, and handling of security incidents is balanced by a decrease in losses from offences. The analysis of the current scenario of government actions in cyber security shows that the availability of multiple contrasting figures on the impact of cyber-attacks is holding back the adoption of policies for cyber space, as their cost-effectiveness cannot be clearly assessed. The most relevant literature on the topic is reviewed to highlight the research gaps and to determine the related future research issues that need addressing to provide a solid ground for future legislative and regulatory actions at national and international levels.

In this article, we review previous work on biometric security under a recent framework proposed in the field of adversarial machine learning. This allows us to highlight novel insights on the security of biometric systems when operating in the presence of intelligent and adaptive attackers that manipulate data to compromise normal system operation. We show how this framework enables the categorization of known and novel vulnerabilities of biometric recognition systems, along with the corresponding attacks, countermeasures and defense mechanisms. We report two application examples, respectively showing how to fabricate a more effective face spoofing attack, and how to counter an attack that exploits an unknown vulnerability of an adaptive face recognition system to compromise its face templates.

Digital Enhanced Cordless Telecommunications (DECT) is a European Telecommunications Standards Institute (ETSI) standard for short-range cordless communications with a large worldwide installed customer base, both in residential and enterprise environments. As in other wireless standards, the existence of active attacks against the security and privacy of the communications, involving identity spoofing, is well documented in the literature. Although the detection of spoofing attacks has been extensively investigated in the literature for other wireless protocols, such as Wi-Fi and GSM, very limited research has been conducted on their detection in DECT communications. In this paper, we describe an effective method for the detection of identity spoofing attacks on DECT communications, using a radio frequency fingerprinting technique. Our approach uses intrinsic features of the front end of DECT base stations as device fingerprints and uses them to distinguish between legitimate and spoofing devices. The results of measurement campaigns and the related analysis are presented and discussed.

Existing anti-malware products usually use signature-based techniques as their main detection engine. Although these methods are very fast, they are unable to provide effective protection against newly discovered malware or mutated variants of old malware. Heuristic approaches are the next generation of detection techniques to mitigate this problem. These approaches aim to improve the detection rate by extracting more behavioral characteristics of malware. Although these approaches cover the disadvantages of signature-based techniques, they usually have a high false-positive rate, and evasion is still possible. In this paper, we propose an effective and efficient heuristic technique based on static analysis that not only detects malware with very high accuracy, but is also robust against common evasion techniques such as junk injection and packing. Our proposed system is able to extract behavioral features from a unique structure in the portable executable, called the dynamic-link library dependency tree, without actually executing the application. Copyright {\textcopyright} 2015 John Wiley \& Sons, Ltd.

We address one of the main open issues about the use of diversity in multiple classifier systems: the effectiveness of the explicit use of diversity measures for the creation of classifier ensembles. So far, diversity measures have been mostly used for ensemble pruning, namely, for selecting a subset of classifiers out of an original, larger ensemble. Here we focus on pruning techniques based on forward/backward selection, since they allow a direct comparison with the simple estimation of the accuracy of the classifier ensemble. We empirically carry out this comparison for several diversity measures and benchmark data sets, using bagging as the ensemble construction technique and majority voting as the fusion rule. Our results provide further and more direct evidence supporting previous observations against the effectiveness of the use of diversity measures for ensemble pruning, but also show that, combined with ensemble accuracy estimated on a validation set, diversity can have a regularization effect when the validation set size is small.

Image classification is intrinsically a multiclass, nonlinear classification task. Support Vector Machines (SVMs) have been successfully exploited to tackle this problem, using one-vs-one or one-vs-all learning schemes to enable multiclass classification, and kernels designed for image classification to handle nonlinearities. To classify an image at test time, an SVM requires matching it against a small subset of the training data, namely, its support vectors (SVs). In the multiclass case, though, the union of the sets of SVs of each binary SVM may almost correspond to the full training set, potentially yielding an unacceptable computational complexity at test time. To overcome this limitation, in this work we propose a well-principled reduction method that approximates the discriminant function of a multiclass SVM by jointly optimizing the full set of SVs along with their coefficients. We show that our approach is capable of reducing computational complexity up to two orders of magnitude without significantly affecting recognition accuracy, by creating a super-sparse, budgeted set of virtual vectors.

Learning in adversarial settings is becoming an important task for application domains where attackers may inject malicious data into the training set to subvert normal operation of data-driven technologies. Feature selection has been widely used in machine learning for security applications to improve generalization and computational efficiency, although it is not clear whether its use may be beneficial or even counterproductive when training data are poisoned by intelligent attackers. In this work, we shed light on this issue by providing a framework to investigate the robustness of popular feature selection methods, including LASSO, ridge regression and the elastic net. Our results on malware detection show that feature selection methods can be significantly compromised under attack (we can reduce LASSO to almost random choices of feature sets by careful insertion of less than 5\% poisoned training samples), highlighting the need for specific countermeasures.

In this paper, we present a novel method that can produce a visual description of a landmark by choosing, from community-contributed datasets, the most diverse pictures that best describe all the details of the queried location. The main idea of this method is to filter out non-relevant images at a first stage, and then to cluster the images according to textual descriptors first and to visual descriptors next. Extracting images from different clusters according to a measure of the user{\textquoteright}s credibility allows obtaining a reliable set of diverse and relevant images. Experimental results performed on the MediaEval 2014 {\textquoteleft}{\textquoteleft}Retrieving Diverse Social Images{\textquoteright}{\textquoteright} dataset show that the proposed approach can achieve very good performance, outperforming state-of-the-art techniques.

MAVEN (Management and Authenticity Verification of multimedia contENts) is a European FP7 Project focused on the development of a suite of tools for multimedia data management and security. MAVEN objectives are centered on two key concepts, search and verify, integrated in a coherent manner: the system first searches for digital contents containing objects of interest and then applies advanced forensic analysis tools to verify their integrity and authenticity. These capabilities have been developed as a single software framework, and the project also involves the implementation of a prototype demonstrator application, which brings to the end user the possibility of searching for specific contents in media while verifying their authenticity.

Person re-identification consists of recognizing individuals across different sensors of a camera network. Whereas clothing appearance cues are widely used, other modalities could be exploited as additional information sources, like anthropometric measures and gait. In this work we investigate whether the re-identification accuracy of clothing appearance descriptors can be improved by fusing them with anthropometric measures extracted from depth data, using RGB-D sensors, in unconstrained settings. We also propose a dissimilarity-based framework for building and fusing multi-modal descriptors of pedestrian images for re-identification tasks, as an alternative to the widely used score-level fusion. The experimental evaluation is carried out on two data sets including RGB-D data, one of which is a novel, publicly available data set that we acquired using Kinect sensors. The fusion with anthropometric measures increases the first-rank recognition rate of clothing appearance descriptors by up to 20\%, whereas our fusion approach reduces the processing cost of the matching phase.

Picture sharing through social networks has become a prominent phenomenon, producing a large amount of data that law enforcers may be entitled to use, under the proper legal framework, as a source of information for investigating a crime. In this work, the authors exploit digital camera {\textquoteleft}fingerprinting{\textquoteright} based on noise residuals (sensor pattern noise or SPN) to achieve a novel forensic task, named picture-to-identity linking. It consists of finding social network accounts that possibly belong to the author of a certain photo (e.g. showing illegal content). The rationale is that the author of the offending photo has likely used the same camera for taking other (legal) pictures, and posted them in a social network account. The authors extend a previous work on the topic by coupling SPN with visual image similarity, a useful cue when pictures have been taken in the same environment (e.g. a room). The authors also improve the framework by allowing for multiple-image queries, and thoroughly evaluate the performance on two corpora of images from social network accounts, including the impact of image modifications. Reported results show a robust improvement with respect to the previous work, and prove the usefulness of picture-to-identity linking as an aid for digital forensic investigations.

Source camera identification using the residual noise pattern left by the sensor, or Sensor Pattern Noise (SPN), has received much attention from the digital image forensics community in recent years. One notable issue in this regard is that high-frequency components of an image (textures, edges) can be easily mistaken as being part of the SPN itself, due to the procedure used to extract SPN, which is based on adaptive low-pass filtering. In this paper, a method to cope with this problem is presented, which estimates a SPN \textit{reliability map} associating a degree of reliability to each pixel, based on the amount of high-frequency content in its neighbourhood. The reliability map is then used to weight SPN pixels during matching. The technique is tested using a data set of images coming from 27 different cameras; results show a notable improvement with respect to standard, non-weighted matching.

Many modern face verification algorithms use a small set of reference templates to save memory and computational resources. However, both the reference templates and the combination of the corresponding matching scores are heuristically chosen. In this paper, we propose a well-principled approach, named sparse support faces, that can outperform state-of-the-art methods both in terms of recognition accuracy and number of required face templates, by jointly learning an optimal combination of matching scores and the corresponding subset of face templates. For each client, our method learns a support vector machine using the given matching algorithm as the kernel function, and determines a set of reference templates, that we call support faces, corresponding to its support vectors. It then drastically reduces the number of templates, without affecting recognition accuracy, by learning a set of virtual faces as well-principled transformations of the initial support faces. The use of a very small set of support face templates makes the decisions of our approach also easily interpretable for designers and end users of the face verification system.

Age estimation from faces is a challenging problem that has recently gained increasing relevance due to its potentially multi-faceted applications. Many current methods for age estimation rely on extracting computationally-demanding features from face images, and then use nonlinear regression to estimate the subject{\textquoteright}s age. This often requires matching the submitted face image against a set of face prototypes, potentially including all training face images, as in the case of kernel-based methods. In this work, we propose a super-sparse regression technique that can reach comparable performance with respect to other nonlinear regression techniques, while drastically reducing the number of reference prototypes required for age estimation. Given a similarity measure between faces, our technique learns a sparse set of virtual face prototypes, whose number is fixed a priori, along with a set of optimal weight coefficients to perform linear regression in the space induced by the similarity measure. We show that our technique does not only drastically reduce the number of reference prototypes without compromising estimation accuracy, but it can also provide more interpretable decisions.

Machine learning algorithms are increasingly being applied in security-related tasks such as spam and malware detection, although their security properties against deliberate attacks have not yet been widely understood. Intelligent and adaptive attackers may indeed exploit specific vulnerabilities exposed by machine learning techniques to violate system security. Being robust to adversarial data manipulation is thus an important, additional requirement for machine learning algorithms to successfully operate in adversarial settings. In this work, we evaluate the security of Support Vector Machines (SVMs) to well-crafted, adversarial label noise attacks. In particular, we consider an attacker that aims to maximize the SVM{\textquoteright}s classification error by flipping a number of labels in the training data. We formalize a corresponding optimal attack strategy, and solve it by means of heuristic approaches to keep the computational complexity tractable. We report an extensive experimental analysis on the effectiveness of the considered attacks against linear and non-linear SVMs, both on synthetic and real-world datasets. We finally argue that our approach can also provide useful insights for developing more secure SVM learning algorithms, and also novel techniques in a number of related research areas, such as semi-supervised and active learning.

Learning what a specific user is exactly looking for, during a session of image search and retrieval, is a problem that has mainly been approached with "classification" or "exploration" techniques. Classification techniques follow the assumption that the images in the archive are statically subdivided into classes. Exploration approaches, on the other hand, are more focused on following the varying needs of the user. It turns out that image retrieval techniques based on classification approaches, though often showing good performance, do not easily adapt to different users{\textquoteright} goals. In this paper we propose a relevance feedback mechanism that drives the search into promising regions of the feature space according to the Nearest Neighbor paradigm. In particular, each image labelled as being relevant by the user is used as a "seed" for an exploration of the space based on the Nearest Neighbor paradigm. Reported results show that this technique allows attaining higher recall and average precision than other state-of-the-art relevance feedback approaches.

In this paper we describe the roadmapping methodology we developed in the context of the CyberROAD EU FP7 project, whose aim is to develop a research roadmap for cybercrime and cyber terrorism. To this aim we built on state-of-the-art methodologies and available guidelines, including related projects, and adapted them to the peculiarities of our roadmapping subject. In particular, its distinctive feature is that cybercrime and cyber terrorism co-evolve with their contextual environment (i.e., technology, society, politics and economy), which poses specific challenges to a roadmapping effort. Our approach can become a best practice in the field of cybersecurity, and can also be generalised to phenomena that exhibit a similar, strong co-evolution with their contextual environment. We aim to describe here the roadmapping methodology that will lead to the roadmap, but not the roadmap itself (the latter being, incidentally, still under construction at the time of writing this paper).

One of the biggest challenges faced by law enforcement entities in the present digital era is fighting against on-line Child Sexual Abuse (CSA), due in particular to the massive amount of data that they receive for analysis. Pattern recognition systems can provide an aid, e.g., to ease the identification of both the perpetrator and the victim of the crime. In particular, ancillary cues related to the identity of the involved persons, like age, race or gender, can represent a significant aid for identification. These cues can be estimated using statistical classifiers on face features. In this work, we explore one of these ancillary cues, namely the gender. The research community has provided methods for gender recognition able to achieve good performance with adults. However, in the case of CSA, victims are minors (typically, very young children). Children{\textquoteright}s gender recognition may be difficult even for humans, due to the lack of many gender-specific face traits usually present in adult faces. Totally uncontrolled poses and illumination conditions, which might be found in CSA material, represent an additional issue. We propose to tackle this problem by using contextual information to complement the face features used by traditional algorithms. In particular, we exploit the image context of the face, that is, the portion of the image surrounding the face. This is motivated by the usage that humans themselves make of face-external information, such as the hair or earrings, to take decisions on this task. The proposed approach is tested on a novel database of faces of children, collected from royalty-free stock-photography web sites, which show totally unconstrained conditions. The reported results are promising and pave the way for a deeper study of the use of the face context for estimating ancillary identification cues.

When a multi-label classifier outputs a real-valued score for each class, a well-known design strategy consists of tuning the corresponding decision thresholds by optimising the performance measure of interest on validation data. In this paper we focus on the F-measure, which is widely used in multi-label problems. We derive two properties of the micro-averaged F-measure, viewed as a function of the threshold values, which allow its global maximum to be found by an optimisation strategy with an upper bound on computational complexity of $O(n^2N^2)$, where $N$ and $n$ are respectively the number of classes and of validation samples.
So far, only a suboptimal threshold selection rule and a greedy algorithm without any optimality guarantee were known for this task. We then devise a possible optimisation algorithm based on our strategy, and evaluate it on three benchmark multi-label data sets.

Learning and recognition of secure patterns is a well-known problem in nature. Mimicry and camouflage are widespread techniques in the arms race between predators and prey. All of the information acquired by our senses is therefore not necessarily secure or reliable. In machine learning and pattern recognition systems, we have started investigating these issues only recently, with the goal of learning to discriminate between secure and hostile patterns. This phenomenon has been especially observed in the context of adversarial settings like biometric recognition, malware detection and spam filtering, in which data can be adversely manipulated by humans to undermine the outcomes of an automatic analysis. As current pattern recognition methods are not natively designed to deal with the intrinsic, adversarial nature of these problems, they exhibit specific vulnerabilities that an adversary may exploit either to mislead learning or to avoid detection. Identifying these vulnerabilities and analyzing the impact of the corresponding attacks on pattern classifiers is one of the main open issues in the novel research field of adversarial machine learning.

In the first part of this talk, I introduce a general framework that encompasses and unifies previous work in the field, allowing one to systematically evaluate classifier security against different, potential attacks. As an example of application of this framework, in the second part of the talk, I discuss evasion attacks, where malicious samples are manipulated at test time to avoid detection. I then show how carefully-designed poisoning attacks can mislead learning of support vector machines by manipulating a small fraction of their training data, and how to poison adaptive biometric verification systems to compromise the biometric templates (face images) of the enrolled clients. Finally, I briefly discuss our ongoing work on attacks against clustering algorithms, and sketch some possible future research directions.

In video-surveillance and ambient intelligence applications, head-pose estimation is an important and challenging task. Basically, the problem lies in assessing the pose of the head according to three reference angles, which indicate the head rotation with respect to three orthogonal axes and are named roll, yaw, and pitch angles. The problem becomes particularly difficult if only 2D video-sequences or still images are available, so that information about the depth of the scene is missing. This makes the computation of the pitch angle very difficult. State-of-the-art methods usually add the information on the pitch angle separately, and this makes them strongly dependent on the hardware used and the scene under surveillance. Moreover, some of them require large training sets with head-pose data. Finally, the extraction of several features from the detected face is often necessary. Since head-pose estimation is only a (small) part of a video-surveillance system as a whole, it is necessary to find novel approaches which make the head-pose estimation as simple as possible, in order to allow their use in real-time. In this paper, a novel method for automatic head-pose estimation is presented. This is based on a geometrical model relying on the exploitation of the Vitruvian man{\textquoteright}s proportions and the related {\textquoteleft}{\textquoteleft}Golden Ratio{\textquoteright}{\textquoteright}. Our approach reduces the number of features extracted, avoiding the need of a training set as well as of information on the hardware used or the scene under control. Simple ratios among eyes and nose positions, according to the assumed {\textquoteleft}{\textquoteleft}Golden Ratio{\textquoteright}{\textquoteright}, are used to compute, in particular, the pitch angle. The proposed method performs competitively with respect to state-of-the-art approaches, without requiring their working constraints and assumptions.

In recent years, the so-called bag-of-features approach, often also referred to as the codebook approach, has gained wide popularity among researchers in the image classification field, as it exhibits high levels of performance. A large variety of image classification, scene recognition, and, more generally, computer vision problems have been addressed according to this paradigm in the recent literature. Despite the fact that some papers have questioned the real effectiveness of the paradigm, most works in the literature follow the same approach for codebook creation, making it a \textit{de facto} standard, without any critical investigation of the suitability of the employed procedure to the problem at hand. The most widespread structure for codebook creation is made up of four steps: dense sampling for image patch detection; use of SIFT as patch descriptors; use of the $k$-means algorithm for clustering patch descriptors in order to select a small number of representative descriptors; and use of the SVM classifier, where images are described by a codebook whose vocabulary is made up of the selected representative descriptors. In this paper, we focus on a critical review of the third step of this process, to see if the clustering step is really useful to produce effective codebooks for image classification tasks. Reported results clearly show that a codebook created by a purely random extraction of the patch descriptors from the set of descriptors extracted from the images in a dataset is able to improve classification performance with respect to codebooks created by the clustering process.

},
keywords = {cbir00},
isbn = {978-3-319-08978-2},
url = {http://link.springer.com/chapter/10.1007\%2F978-3-319-08979-9_25},
author = {Luca Piras and Giorgio Giacinto}
}
@article {biggio14-ijprai,
title = {Pattern Recognition Systems under Attack: Design Issues and Research Challenges},
journal = {Int{\textquoteright}l J. Patt. Recogn. Artif. Intell.},
volume = {28},
year = {2014},
pages = {1460002},
abstract = {We analyze the problem of designing pattern recognition systems in adversarial settings from an engineering viewpoint, motivated by their increasing exploitation in security-sensitive applications like spam and malware detection, although their vulnerability to potential attacks has not yet been deeply understood. We first review previous work and report examples of how a complex system may be evaded either by leveraging trivial vulnerabilities of its untrained components, e.g. parsing errors in the pre-processing steps, or by exploiting more subtle vulnerabilities of learning algorithms. We then discuss the need to exploit both reactive and proactive security paradigms complementarily to improve security by design. Our ultimate goal is to provide some useful guidelines for improving the security of pattern recognition in adversarial settings, and to suggest related open issues to foster research in this area.},
doi = {10.1142/S0218001414600027},
author = {Battista Biggio and Giorgio Fumera and Fabio Roli}
}
@inbook { 1468,
title = {People search with textual queries about clothing appearance attributes},
booktitle = {Person Re-Identification, Advances in Computer Vision and Pattern Recognition},
year = {2014},
publisher = {Springer},
organization = {Springer},
abstract = {

Person re-identification consists of searching for an individual of interest in video sequences acquired by a camera network, using an image of that individual as a query. Here we consider a related task, named people search with textual queries, which consists of searching images of individuals that match a textual description of clothing appearance, given by a Boolean combination of predefined attributes. People search can be useful in applications like forensic video analysis, where the query can be obtained from an eyewitness report. We propose a general method for implementing people search as an extension of any given re-identification system that uses any multiple part-multiple component appearance descriptor. In our method the same descriptor of the re-identification system at hand is used, and attributes are chosen by taking into account the information it provides. The original descriptor is then transformed into a dissimilarity one. Attribute detectors are finally constructed as supervised classifiers, using dissimilarity descriptors as the input feature vectors. We experimentally evaluate our method on a benchmark re-identification data set.

Clustering algorithms have become a popular tool in computer security to analyze the behavior of malware variants, identify novel malware families, and generate signatures for antivirus systems. However, the suitability of clustering algorithms for security-sensitive settings has been recently questioned by showing that they can be significantly compromised if an attacker can exercise some control over the input data. In this paper, we revisit this problem by focusing on behavioral malware clustering approaches, and investigate whether and to what extent an attacker may be able to subvert these approaches through a careful injection of samples with poisoning behavior. To this end, we present a case study on Malheur, an open-source tool for behavioral malware clustering. Our experiments not only demonstrate that this tool is vulnerable to poisoning attacks, but also that it can be significantly compromised even if the attacker can only inject a very small percentage of attacks into the input data. As a remedy, we discuss possible countermeasures and highlight the need for more secure clustering algorithms.

The concept of Smart Home, where appliances, sensors, actuators, displays and computing resources are connected and interact to support the life of the citizen, is being increasingly researched. In this context, the Wi-Fi communication technology has grown to become the de-facto standard for data communications in Smart Home environments, with cordless telephony being dominated by the DECT protocol. Even though both technologies incorporate sets of security features aimed at securing the confidentiality and integrity of the communications, the nature and the design of both radio-frequency protocols make them vulnerable, up to a certain extent, to privacy leakages through traffic analysis attacks. In this paper we explore the information leakage vulnerabilities inherent to these technologies and their potential impact on citizens{\textquoteright} privacy in the context of the Smart Home. We demonstrate how the websites visited by a smart device can be inferred by applying machine learning and pattern matching techniques to eavesdropped encrypted traffic.

In this paper, we describe our approach and its results for the MediaEval 2014 Retrieving Diverse Social Images Task. The basic idea of our proposed method is to filter out non-relevant images at the beginning of the process and then construct a hierarchical tree which allows clustering the images with different criteria on visual and textual features. Experimental results show that the method is stable and exhibits little fluctuation with the number of topics.

Digital imaging devices have gained an important role in everyone{\textquoteright}s life, due to continuously decreasing prices and the growing interest in photo sharing through social networks. As a result, everyone continuously leaves visual {\textquotedblleft}traces{\textquotedblright} of his/her presence and life on the Internet, which can constitute precious data for forensic investigators. Digital Image Forensics is the task of analysing such digital images for collecting evidence. In this field, the recent introduction of techniques able to extract a unique {\textquoteright}fingerprint{\textquoteright} of the source camera of a picture, e.g. based on the Sensor Pattern Noise (SPN), has set the way for a series of useful tools for the forensic investigator. In this paper, we propose a novel usage of SPN, to find social network accounts belonging to a certain person of interest, who has shot a given photo. This task, which we name Picture-to-Identity linking, can be useful in a variety of forensic cases, e.g., finding stolen camera devices, cyber-bullying, or on-line child abuse. We experimentally test a method for Picture-to-Identity linking on a benchmark data set of publicly accessible social network accounts collected from the Internet. We report promising results, which show that this technique has practical value for forensic practitioners.

Intrusion Detection Systems (IDSs) are one of the key components for securing computing infrastructures. Their objective is to protect against attempts to violate defense mechanisms. Indeed, IDSs themselves are part of the computing infrastructure, and thus they may be attacked by the same adversaries they are designed to detect. This is a relevant aspect, especially in safety-critical environments, such as hospitals, aircrafts, nuclear power plants, etc. To the best of our knowledge, this survey is the first work to present an overview of adversarial attacks against IDSs. In particular, this paper provides the following original contributions: (a) a general taxonomy of attack tactics against IDSs; (b) an extensive description of how such attacks can be implemented by exploiting IDS weaknesses at different abstraction levels; (c) for each attack implementation, a critical investigation of proposed solutions and open points. Finally, this paper highlights the most promising research directions for the design of adversary-aware, harder-to-defeat IDS solutions. To this end, we leverage our research experience in the field of intrusion detection, as well as a thorough investigation of the relevant related works published so far.

In video-surveillance, person re-identification is the task of recognising whether an individual has already been observed over a network of cameras. Typically, this is achieved by exploiting the clothing appearance, as classical biometric traits like the face are impractical in real-world video surveillance scenarios. Clothing appearance is represented by means of low-level local and/or global features of the image, usually extracted according to some part-based body model to treat different body parts (e.g. torso and legs) independently. This paper provides a comprehensive review of current approaches to build appearance descriptors for person re-identification. The most relevant techniques are described in detail, and categorised according to the body models and features used. The aim of this work is to provide a structured body of knowledge and a starting point for researchers willing to conduct novel investigations on this challenging topic.

Self-update is the most commonly adopted biometric template update technique, in which the system adapts itself to the confidently classified samples. However, recent works indicate that self-update has limited capability to capture samples representing significant intra-class variations. As an alternative, a biometric template update technique based on a graph-based representation is proposed. This technique can potentially capture samples with significant variations, resulting in efficient adaptation. Until now, the efficacy of these adaptation techniques has been proven only on the basis of experimental evaluations on small data sets. The contribution of this paper lies in (a) a conceptual explanation of the functioning of the self-update and graph-based techniques for template adaptation, leading to the efficacy of the latter, and (b) an evaluation of the performance of these adaptation techniques in comparison to the baseline system without adaptation. Experiments are conducted on the large DIEE data set, explicitly collected for this aim. Reported results validate the superiority of the graph-based technique over self-update.

Visual codebooks generated by the quantization of local descriptors allow building effective feature vectors for image archives. Codebooks are usually constructed by clustering a subset of image descriptors from a set of training images. In this paper we investigate the effect of combining an ensemble of different codebooks, each codebook being created by using different pseudo-random techniques for subsampling the set of local descriptors. Despite the claims in the literature on the gain attained by combining different codebook representations, reported results on different visual detection tasks show that the diversity is quite small, thus allowing for only a modest improvement in performance w.r.t. the standard random subsampling procedure, and calling for further investigation on the use of ensemble approaches in this context.

One of the most important assets to be protected is information, as every aspect of the life of a society deeply depends on the available information. Nowadays information is stored, processed, and communicated by computers. It turns out that computers represent the most critical tool in modern society. A number of protection mechanisms are available so far, such as antivirus software tools and biometric access control systems. For their effectiveness, frequent updates are needed, due to the rapid evolution of attack patterns. In fact, attacks are often devised and spread by running computer programs, which can produce new effective attacks in a short time frame. It turns out that machine learning techniques, with their generalization capability, are one of the favorite approaches to deploy protection and attack detection mechanisms. In this paper, we discuss the approaches that should be followed when devising machine learning techniques for security applications. In particular, we focus on testing methodologies, performance measures, and techniques aimed at reducing the intrinsic variability of performance that machine learning applications often exhibit in real-world scenarios.

Many multi-label classifiers provide a real-valued score for each class. A well known design approach consists of tuning the corresponding decision thresholds by optimising the performance measure of interest. We address two open issues related to the optimisation of the widely used F measure and precision-recall (P-R) curve, with respect to class-related decision thresholds, on a given data set. (i) We derive properties of the micro-averaged F, which allow its global maximum to be found by an optimisation strategy with a low computational cost. So far, only a suboptimal threshold selection rule and a greedy algorithm with no optimality guarantee were known. (ii) We rigorously define the macro and micro P-R curves, analyse a previously suggested strategy for computing them, based on maximising F, and develop two possible implementations, which can be also exploited for optimising related performance measures. We evaluate our algorithms on five data sets related to three different application domains.
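
For reference, the micro-averaged F measure being optimised above can be written explicitly as a function of the class-related thresholds. The following standard formulation, in terms of per-class true positives, false positives and false negatives, is a sketch of the quantity the abstract refers to, not an excerpt from the paper:

\[
F_{\mathrm{micro}}(t_1,\ldots,t_N)=\frac{2\sum_{k=1}^{N}\mathrm{TP}_k(t_k)}{2\sum_{k=1}^{N}\mathrm{TP}_k(t_k)+\sum_{k=1}^{N}\mathrm{FP}_k(t_k)+\sum_{k=1}^{N}\mathrm{FN}_k(t_k)}
\]

where $\mathrm{TP}_k(t_k)$, $\mathrm{FP}_k(t_k)$ and $\mathrm{FN}_k(t_k)$ count, on the validation set, the true positives, false positives and false negatives of class $k$ when its scores are thresholded at $t_k$; each threshold only needs to be searched among the distinct score values observed for that class.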

The score-level fusion approaches for fingerprint verification have been widely investigated. However, this investigation has been performed by studying each approach independently from the others, thus using different acquisition sensors, matching algorithms, fusion rules, and data sets. Due to this strong variability, the literature lacks an experimental investigation aimed at fairly comparing the various approaches. This is the scope of the present paper, especially from the point of view of performance improvement. In our opinion, this investigation can help confirm state-of-the-art results with further experimental evidence.

The increasing availability of large archives of digital images has pushed the need for effective image retrieval systems. Relevance Feedback (RF) techniques, where the user is involved in an iterative process to refine the search, have been recently formulated in terms of classification paradigms in low-level feature spaces. Two main issues arise in this formulation, namely the small size of the training set, and the imbalance between the class of relevant images and all other non-relevant images. To address these issues, in this paper we propose to formulate the RF paradigm in terms of Passive-Aggressive on-line learning approaches. These approaches are particularly suited to be implemented in RF because of their iterative nature, which allows further improvements in the image search process. The reported results show that the performances attained by the proposed algorithm are comparable to, and in many cases higher than, those attained by other RF approaches.

The widespread diffusion of digital imaging devices has fuelled a growing interest in photo sharing through social networks. Nowadays, Internet users continuously leave visual {\textquotedblleft}traces{\textquotedblright} of their presence and life on the Internet, which can constitute precious data for forensic investigators. Digital Image Forensics tools are used to analyse such images and collect evidence. One such tool is the Sensor Pattern Noise (SPN), that is, a unique {\textquotedblleft}fingerprint{\textquotedblright} left on a picture by the source camera sensor. In this paper, we propose and experimentally test a novel usage of SPN, to find social network accounts belonging to a person of interest, who has shot a given photo. We name this task Picture-to-Identity linking, and believe it can be useful in a variety of forensic cases, e.g., finding stolen camera devices, cyber-bullying, or on-line child abuse. We evaluate two methods for Picture-to-Identity linking based on two existing SPN comparison techniques, on a benchmark data set of publicly accessible social network accounts collected from the Internet. The reported results are promising and show that this technique has practical value for forensic practitioners.

Adaptive biometric systems update clients{\textquoteright} templates during operation to account for natural changes over time (e.g., aging of biometric templates). Recently, it has been shown that this update can be exploited by an attacker to compromise the clients{\textquoteright} templates: by presenting a proper sequence of fake biometric traits to the sensor, the attacker may eventually impersonate the targeted clients without any fake trait, and even force the system to deny access to them. This attack has however been shown only for PCA-based face verification, with one template per client, under worst-case assumptions about the attacker{\textquoteright}s knowledge of the system. In this paper, we show that it can be successful even in the case of multiple templates per client, for different matchers, and under more realistic scenarios, and validate it by experiments to highlight its practical relevance.

Person re-identification consists of recognizing a person over different cameras, using appearance cues. We investigate the deployment of real-world re-identification systems, by developing and testing a working prototype. We focus on two practical issues: computational complexity, and reliability of segmentation and tracking. The former is addressed by using a recently proposed fast re-identification method, the latter by using Kinect cameras. To our knowledge, this is the first example of a fully-functional re-identification system based on Kinect in the literature. We finally point out possible improvements and future research directions.

},
month = {21/02/2013},
address = {Barcelona, Spain},
abstract = {

Person re-identification consists of recognizing a person over different cameras, using appearance cues. We investigate the deployment of real-world re-identification systems, by developing and testing a working prototype. We focus on two practical issues: computational complexity, and reliability of segmentation and tracking. The former is addressed by using a recently proposed fast re-identification method, the latter by using Kinect cameras. To our knowledge, this is the first example of a fully-functional re-identification system based on Kinect in the literature. We finally point out possible improvements and future research directions.

A large number of today{\textquoteright}s botnets leverage the HTTP protocol to communicate with their botmasters or perpetrate malicious activities. In this paper, we present a new scalable system for network-level behavioral clustering of HTTP-based malware that aims to efficiently group newly collected malware samples into malware family clusters. The end goal is to obtain malware clusters that can aid the automatic generation of high quality network signatures, which can in turn be used to detect botnet command-and-control (C\&C) and other malware-generated communications at the network perimeter. We achieve scalability in our clustering system by simplifying the multi-step clustering process proposed in [30], and by leveraging incremental clustering algorithms that run efficiently on very large datasets. At the same time, we show that scalability is achieved while retaining a good trade-off between detection rate and false positives for the signatures derived from the obtained malware clusters. We implemented a proof-of-concept version of our new scalable malware clustering system and performed experiments with about 65,000 distinct malware samples. Results from our evaluation confirm the effectiveness of the proposed system and show that, compared to [30], our approach can reduce processing times from several hours to a few minutes, and scales well to large datasets containing tens of thousands of distinct malware samples.

Many multi-label classifiers provide a real-valued score for each class. A well known design approach consists of tuning the corresponding decision thresholds by optimising the performance measure of interest. We address two open issues related to the optimisation of the widely used F measure and precision-recall (P-R) curve, with respect to class-related decision thresholds, on a given data set. (i) We derive properties of the micro-averaged F, which allow its global maximum to be found by an optimisation strategy with a low computational cost. So far, only a suboptimal threshold selection rule and a greedy algorithm with no optimality guarantee were known. (ii) We rigorously define the macro and micro P-R curves, analyse a previously suggested strategy for computing them, based on maximising F, and develop two possible implementations, which can be also exploited for optimising related performance measures. We evaluate our algorithms on five data sets related to three different application domains.

Among the possible applications of computer vision to video-surveillance, person re-identification over a network of camera sensors, using cues related to clothing appearance, is gaining much interest. Re-identification techniques can be used for various tasks, e.g., online tracking of a person, and off-line retrieval of all video sequences containing an individual of interest, whose image is given as a query. Recently, some authors proposed to exploit clothing appearance descriptors also to retrieve video sequences of individuals that match a textual description of clothing (e.g., {\textquoteright}person wearing a black t-shirt and white trousers{\textquoteright}), instead of an image. We name this task {\textquoteright}appearance-based people search{\textquoteright}. This functionality can be useful, e.g., in forensics investigations, where a textual description can be provided by a witness. In this paper, we present and experimentally evaluate a general method to perform both person re-identification and people search, using any given descriptor of clothing appearance that exploits widely used multiple part/multiple component representations. It is based on turning the considered appearance descriptor into a dissimilarity-based one, through a framework we previously proposed for speeding up person re-identification methods. Our approach allows one to deploy systems able to perform both tasks with the same pipeline and processing stages for constructing descriptors.

Biometric-based person recognition poses a challenging problem because of the large variability in biometric sample quality encountered during testing and the restricted number of enrollment samples available for training. Solutions in the form of adaptive biometrics have been introduced to address this issue. These adaptive biometric systems aim to adapt enrolled templates to variations in samples observed during operations. However, despite numerous advantages, few commercial vendors have adopted auto-update procedures in their products. This is due in part to the limited understanding of, and limitations associated with, existing adaptation schemes. Given that the topic of adaptive biometrics has not been systematically investigated, this study works towards filling this gap by surveying the topic from a growing body of recent literature and by providing a coherent view (critical analysis) of the limitations of the existing systems. In addition, the authors have also identified novel research directions and proposed a novel framework. The overall aim is to advance the state-of-the-art and improve the quality of discourse in this field.

In the emerging field of adaptive biometrics, systems aim to adapt enrolled templates to variations in samples observed during operations. However, despite numerous advantages, few commercial vendors have adopted auto-update procedures in their products. This is due to limitations associated with existing adaptation schemes. This paper proposes a dual-staged template adaptation scheme that allows capturing {\textquoteleft}informative{\textquoteright} operational samples with significant variations, but without increasing the vulnerability to impostor intrusion. This is achieved through a two-staged classification-selection approach driven by the harmonic function and a risk minimization technique, over a graph-based representation of (enrolment and operational) samples. Experimental results on the DIEE fingerprint data set, explicitly collected for evaluating adaptive biometric systems, demonstrate that the proposed scheme results in a 67\% reduction in error over the baseline system (without adaptation), outperforming state-of-the-art methods.

The sensor pattern noise (SPN) is a unique attribute of the content of images that can facilitate identification of source digital imaging devices. Due to its potential in forensic applications, it has drawn much attention in the digital forensic community. While much work has been done on the applications of the SPN, investigations into its characteristics have been largely overlooked in the literature. In this paper, we aim to fill this gap by providing insight into the characteristic dependency of the SPN quality on its location in images. We have observed that the SPN components at the image periphery are not reliable for the task of source camera identification, and tend to cause higher false positive rates. Empirical evidence is presented in this work. We suspect that this location-dependent SPN quality degradation has strong connection with the so-called vignetting effect, as both exhibit the same type of location-dependency. We recommend that when image blocks are to be used for forensic investigations, they should be taken from the image centre before SPN extraction is performed in order to reduce false positive rate.
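
A minimal Python sketch of the recommendation above: crop a central block before extracting the noise residual. The block size and the use of a Gaussian filter as a stand-in denoiser are illustrative assumptions; the SPN literature typically uses a wavelet-based denoiser.

import numpy as np
from scipy.ndimage import gaussian_filter

def central_block(img, block=512):
    # Crop a square block from the image centre, as recommended above.
    h, w = img.shape[:2]
    top, left = (h - block) // 2, (w - block) // 2
    return img[top:top + block, left:left + block]

def noise_residual(img, sigma=1.0):
    # SPN estimate as the difference between the image and a denoised
    # version of itself; a Gaussian filter stands in for the wavelet
    # denoiser commonly used in the SPN literature.
    img = img.astype(np.float64)
    return img - gaussian_filter(img, sigma)

# Usage on a grayscale image loaded as a 2-D array:
# spn = noise_residual(central_block(gray_image))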

In this paper, the Relevance Feedback procedure for Content Based Image Retrieval is considered as an Exploration-Exploitation approach. The proposed method exploits, in the exploitation step, the information obtained from the relevance score as computed by a Nearest Neighbor approach. The idea behind Nearest Neighbor relevance feedback is to retrieve the immediate neighborhood of the area of the feature space where relevant images are found. The exploitation step aims at returning to the user the maximum number of relevant images in a local region of the feature space. On the other hand, the exploration step aims at driving the search towards different areas of the feature space, in order to discover not only relevant images but also informative images. Similar ideas have been proposed with Support Vector Machines, where the choice of the informative images is driven by their closeness to the decision boundary. Here, we propose a rather simple method to explore the representation space in order to present to the user a wider variety of images. Reported results show that the proposed technique improves performance in terms of average precision, and that the improvements are higher if compared to techniques that use an SVM approach.
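
One common formulation of the nearest-neighbour relevance score from the relevance-feedback literature is sketched below in Python; whether the paper uses exactly this variant is an assumption, and the function names are illustrative.

import numpy as np

def nn_relevance(x, relevant, non_relevant):
    # Relevance of descriptor x: approaches 1 when x is much closer to
    # its nearest relevant image than to its nearest non-relevant one.
    d_rel = np.min(np.linalg.norm(relevant - x, axis=1))
    d_non = np.min(np.linalg.norm(non_relevant - x, axis=1))
    return d_non / (d_rel + d_non)

An exploration step could then deliberately show images whose score is close to 0.5, i.e. the most ambiguous ones, rather than only the top-scoring ones.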

Recent works have shown that multimodal biometric systems can be evaded by spoofing only a single biometric trait. In this paper, we propose a method to evaluate the robustness of such systems against spoofing attacks, when score-level fusion rules are used. The aim is to rank several score-level fusion rules, to allow the designer to choose the most robust one according to the model predictions. Our method does not require fabricating fake biometric traits, and allows one to simulate different possible spoofing attacks using the information of the genuine and impostor distributions. Reported results, using a data set containing realistic spoofing attacks, show that our method can correctly rank score-level fusion rules under spoofing attacks.

Recent works have investigated the robustness to spoofing attacks of multi-modal biometric systems in parallel fusion mode. Contrary to a common belief, it has been shown that they can be cracked by spoofing only one biometric trait. However, the robustness of multi-modal systems in serial fusion mode has not yet been investigated. Thus, the aim of this paper is to comparatively evaluate the robustness of multi-modal systems, in serial and parallel fusion modes, under spoofing attacks. In particular, we empirically investigate the vulnerability of serial and parallel fusion of face and fingerprint biometrics to real spoofing attacks. Our results show that multi-modal systems in both fusion modes are vulnerable to attacks against a single biometric trait. On the other hand, they show that the serial fusion mode can attain a favorable trade-off between performance, verification time, and robustness against spoofing attacks.

Fingerprint liveness detection aims to detect whether a fingerprint image, sensed by an electronic device, belongs to an "alive" fingertip or to an artificial replica of it. Recent studies have shown that a fingerprint can be replicated and, if a clever attacker tries to evade the system, this is an issue. Accordingly, several countermeasures in terms of "fingerprint liveness" detection algorithms have been proposed, but never compared on a benchmark data set internationally accepted by the research community. In this paper, we present some recent experimental results on several state-of-the-art fingerprint liveness detection algorithms on the datasets made available at the Second International Fingerprint Liveness Detection Competition (LivDet 2011). The results we report help assess which are the most effective approaches used so far.

The aim of fingerprint liveness detection is to detect whether a fingerprint image, sensed by an electronic device, belongs to an alive fingertip or to an artificial replica of it. It is well known that a fingerprint can be replicated, and standard electronic sensors cannot distinguish between a replica and an alive fingerprint image. Accordingly, several countermeasures in terms of fingerprint liveness detection algorithms have been proposed, but their performance is not yet acceptable. However, no work has studied the possibility of combining different feature sets, thus exploiting the possible complementarity among them. In this paper, we show some preliminary experiments on feature-level fusion of several algorithms, including a novel feature set proposed by the authors. Experiments are carried out on the datasets made available at the Second International Fingerprint Liveness Detection Competition (LivDet 2011). Reported results clearly show that multiple feature sets allow improving the liveness detection performance.

Person re-identification consists of recognizing an individual who has previously been observed over a camera network. It is a recently introduced computer vision task that can provide useful tools for many applications of video-surveillance. Person re-identification exhibits several challenging issues. Most notable ones are pose variations, partial occlusions, and changing lighting conditions. Another relevant issue is computational complexity. In this contribution, we present the results attained by the Pattern Recognition and Applications (PRA) Group in this field: 1) a framework for person re-identification methods; 2) a dissimilarity-based approach for speeding up existing methods; 3) a dissimilarity-based approach for retrieving images of individuals based on a textual query describing clothing appearance, instead of an image.

Person re-identification is a recently introduced computer vision task that consists of recognising an individual who was previously observed over a video-surveillance camera network. Among the open problems, in this paper we focus on computational complexity. Despite its practical relevance, especially in real-time applications, this issue has been overlooked in the literature so far. We address it by exploiting a framework we proposed in a previous work, which allows us to turn any person re-identification method that uses multiple components and a body part subdivision model into a dissimilarity-based one. Each individual is represented as a vector of dissimilarity values to a set of visual prototypes, that are drawn from the original non-dissimilarity representation. Experiments on two benchmark datasets provide evidence that a dissimilarity representation yields very fast re-identification methods. We also show that, even if the re-identification accuracy can be lower (especially when the number of candidates is low), the trade-off between processing time and accuracy can nevertheless be advantageous in real-time application scenarios involving a human operator.

Fingerprint liveness detection consists in verifying whether an input fingerprint image, acquired by a fingerprint verification system, belongs to a genuine user or is an artificial replica. Although several hardware- and software-based approaches have been proposed so far, this issue still remains unsolved, due to the very high difficulty of finding effective features for detecting fingerprint liveness. In this paper, we present a novel feature set, based on the local phase quantization (LPQ) of fingerprint images. The LPQ method is well known for being insensitive to blurring effects, thus we believe it could be useful for detecting the differences between an alive and a fake fingerprint, due to the loss of information which may occur during the replica fabrication process. The method is tested on the four data sets of the Second International Fingerprint Liveness Detection Competition, and shows results that are promising and competitive with other state-of-the-art feature sets.

When a multi-label classifier outputs a real-valued score for each class, a well known design strategy consists of tuning the corresponding decision thresholds by optimising the performance measure of interest on validation data. In this paper we focus on the F-measure, which is widely used in multi-label problems. We derive two properties of the micro-averaged F measure, viewed as a function of the threshold values, which allow its global maximum to be found by an optimisation strategy with an upper bound on computational complexity of $O(n^2 N^2)$, where $N$ and $n$ are respectively the number of classes and of validation samples. So far, only a suboptimal threshold selection rule and a greedy algorithm without any optimality guarantee were known for this task. We then devise a possible optimisation algorithm based on our strategy, and evaluate it on three benchmark multi-label data sets.

Person re-identification consists of recognising a person appearing in different video sequences, using an image as a query. We propose a general approach to extend appearance-based re-identification systems, enabling also textual queries describing clothing appearance (e.g., {\textquoteright}person wearing a white shirt and checked blue shorts{\textquoteright}). This functionality can be useful, e.g., in forensic video analysis, when textual descriptions of individuals of interest given by witnesses are available instead of images. Our approach is based on turning any given appearance descriptor into a dissimilarity-based one. This allows us to build detectors of the clothing characteristics of interest using supervised classifiers trained in a dissimilarity space, independently of the original descriptor. Our approach is evaluated using the descriptors of three different re-identification methods, on a benchmark data set.

This paper presents the participation of the Pattern Recognition and Application Group (PRA Group) and the Ambient Intelligence Lab (AmILAB) in the ImageCLEF 2012 Personal Photo Retrieval Pilot Task. This pilot task aims to provide a test bed for QBE-based retrieval scenarios in the scope of personal information retrieval, based on a collection of 5,555 personal images plus rich meta-data. For this challenge we used Image Hunter, a content-based image retrieval tool with relevance feedback previously developed by ourselves. The results show that we obtained good performance, considering that we used visual data only; moreover, we were the only participants that used relevance feedback.

Fingerprint liveness detection consists in extracting measurements from a fingerprint image that allow distinguishing between an {\textquotedblleft}alive{\textquotedblright} fingerprint image, that is, an image coming from the fingertip of the claimed identity, and an artificial replica. Several algorithms have been proposed so far, but the robustness of their performance has not yet been compared when varying several environmental conditions. In this paper, we present a set of experiments investigating the performance of several feature sets designed for fingerprint liveness detection. In particular, we assessed the decrease in performance when varying the pressure and the environmental illumination, as well as the size of the region of interest (ROI) used for extracting such features. Experimental results on a large data set show the different dependence of some feature sets on the investigated conditions.

We investigate the application of similarity-based classification to biometric recognition, interpreting similarity functions used in biometric systems (i.e., matching algorithms) as kernel functions. This leads us to formulate biometric recognition as a distinct two-class classification problem for each client, which can be solved even when no representation of biometric samples in a feature space of fixed dimensionality is available. We discuss the relationship of our approach with cohort-based methods, and show that using support vector machines exhibits several advantages, in terms of the automatic selection of the cohort size and elements, and of the possible update of each user model. A biometric verification setting is considered for the formulation of the approach, but experimental results with face and fingerprint data sets are reported for both verification and identification settings.
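
A minimal sketch of the idea described above, assuming a generic match(a, b) similarity function used directly as a (precomputed) kernel; the helper names are illustrative, and scikit-learn's SVC is one possible solver, not necessarily the one used in the paper.

import numpy as np
from sklearn.svm import SVC

def gram(samples_a, samples_b, match):
    # Kernel matrix built directly from the matcher's similarity scores.
    return np.array([[match(a, b) for b in samples_b] for a in samples_a])

def train_client_model(client_samples, cohort_samples, match):
    # One two-class SVM per client: client samples vs. cohort samples,
    # trained on matching scores only (no fixed-length feature vectors).
    train = list(client_samples) + list(cohort_samples)
    labels = [1] * len(client_samples) + [0] * len(cohort_samples)
    clf = SVC(kernel="precomputed")
    clf.fit(gram(train, train, match), labels)
    return clf, train

# Verification of a query sample q against a client's model:
# score = clf.decision_function(gram([q], train, match))[0]

A nice side effect, matching the abstract's point, is that the cohort elements actually used are selected automatically: they are the support vectors retained by the SVM.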

{\textquotedblleft}Liveness detection{\textquotedblright}, a technique used to determine the vitality of a submitted biometric, has been implemented in fingerprint scanners in recent years. The goal of the LivDet 2011 competition is to compare software-based fingerprint liveness detection methodologies (Part 1), as well as fingerprint systems which incorporate liveness detection capabilities (Part 2), using a standardized testing protocol and large quantities of spoof and live fingerprint images. This competition was open to all academic and industrial institutions with a solution for either the software-based or the system-based fingerprint vitality detection problem. Five submissions across the two parts of the competition resulted in successful completion. These submissions were: Chinese Academy of Sciences Institute of Automation (CASIA), Federico II University (Federico) and Dermalog Identification Systems GmbH (Dermalog) for Part 1: Algorithms, and GreenBit and Dermalog for Part 2: Systems. Part 1 was evaluated using four different datasets. The best results were from Federico on the Digital Persona dataset, with errors for live and spoof detection of 6.2\% and 11.61\%, respectively. The best overall results for Part 1 were from Dermalog, with 34.05\% FerrFake and 11.825\% FerrLive. Part 2 was evaluated using live subjects and spoof finger casts. The best results were from Dermalog, with errors for live and spoof of 42.5\% and 0.8\%, respectively.

Anyone who has ever tried to describe a picture in words is aware that it is not an easy task to find a word, a concept, or a category that characterizes it completely. Most images in real life represent more than one concept; therefore, it is natural that images available to users over the Internet (e.g., on FLICKR) are associated with multiple tags. By the term {\textquoteleft}tag{\textquoteright}, the authors refer to a concept represented in the image. The purpose of this paper is to evaluate the performances of relevance feedback techniques in content-based image retrieval scenarios with multi-tag datasets, as performances are typically assessed on single-tag datasets. Thus, the authors show how relevance feedback mechanisms are able to adapt the search to the user{\textquoteright}s needs, either in the case where an image is used as an example for retrieving images each bearing different concepts, or where the sample image is used to retrieve images containing the same set of concepts. In this paper, the authors also propose two novel performance measures aimed at comparing the accuracy of retrieval results when an image is used as a prototype for a number of different concepts.

We investigate a family of poisoning attacks against Support Vector Machines (SVMs). Such attacks inject specially crafted training data that increases the SVM{\textquoteright}s test error. Central to the motivation for these attacks is the fact that most learning algorithms assume that their training data comes from a natural or well-behaved distribution. However, this assumption does not generally hold in security-sensitive settings. As we demonstrate, an intelligent adversary can, to some extent, predict the change of the SVM{\textquoteright}s decision function due to malicious input and use this ability to construct malicious data.

The proposed attack uses a gradient ascent strategy in which the gradient is computed based on properties of the SVM{\textquoteright}s optimal solution. This method can be kernelized and enables the attack to be constructed in the input space even for non-linear kernels. We experimentally demonstrate that our gradient ascent procedure reliably identifies good local maxima of the non-convex validation error surface, which significantly increases the classifier{\textquoteright}s test error.
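
A hedged Python sketch of the attack loop, using scikit-learn. The paper computes the gradient analytically from the SVM's optimality conditions; here a finite-difference estimate of the validation hinge loss is used instead to keep the example short, so this illustrates the gradient-ascent idea rather than reproducing the paper's algorithm. All names and parameter values are illustrative.

import numpy as np
from sklearn.svm import SVC

def validation_hinge_loss(X_tr, y_tr, xc, yc, X_val, y_val):
    # Retrain the SVM with the candidate attack point (xc, yc) injected,
    # then measure the hinge loss it induces on the validation set
    # (labels are assumed to be in {-1, +1}).
    clf = SVC(kernel="rbf", gamma=0.5)
    clf.fit(np.vstack([X_tr, xc]), np.append(y_tr, yc))
    margins = y_val * clf.decision_function(X_val)
    return np.mean(np.maximum(0.0, 1.0 - margins))

def poison(X_tr, y_tr, X_val, y_val, xc, yc, steps=50, lr=0.1, eps=1e-3):
    # Gradient ascent on the validation loss w.r.t. the attack point xc,
    # which has shape (1, n_features).
    for _ in range(steps):
        grad = np.zeros_like(xc)
        for j in range(xc.shape[1]):
            step = np.zeros_like(xc)
            step[0, j] = eps
            grad[0, j] = (validation_hinge_loss(X_tr, y_tr, xc + step, yc, X_val, y_val)
                          - validation_hinge_loss(X_tr, y_tr, xc - step, yc, X_val, y_val)) / (2 * eps)
        xc = xc + lr * grad
    return xc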

This paper presents the first participation of the Pattern Recognition and Application Group (PRA Group) and the Ambient Intelligence Lab (AmILAB) in the ImageCLEF 2012 Photo Flickr Concept Annotation Task. In this task, the teams{\textquoteright} goal is to detect the presence of 94 concepts in the images, and to provide a score reflecting the confidence of each concept detector{\textquoteright}s decision. We faced the challenge by relying on visual information only, combining different image descriptors by means of different score combination techniques. Experimental results show that simply combining concept detectors not specifically designed for handling the large variety of concepts does not allow reaching satisfactory results.

Multimodal biometric systems are commonly believed to be more robust to spoofing attacks than unimodal systems, as they combine information coming from different biometric traits. Recent work has shown that multimodal systems can be misled by an impostor even by spoofing only one biometric trait. This result was obtained under a {\textquoteleft}worst-case{\textquoteright} scenario, by assuming that the distribution of fake scores is identical to that of genuine scores (i.e. the attacker is assumed to be able to perfectly replicate a genuine biometric trait). This assumption also allows one to evaluate the robustness of score fusion rules against spoofing attacks, and to design robust fusion rules, without the need of actually fabricating spoofing attacks. However, whether and to what extent the {\textquoteleft}worst-case{\textquoteright} scenario is representative of real spoofing attacks is still an open issue. In this study, we address this issue by an experimental investigation carried out on several data sets including real spoofing attacks, related to a multimodal verification system based on face and fingerprint biometrics. On the one hand, our results confirm that multimodal systems are vulnerable to attacks against a single biometric trait. On the other hand, they show that the {\textquoteleft}worst-case{\textquoteright} scenario can be too pessimistic. This can lead to overly conservative choices, if the {\textquoteleft}worst-case{\textquoteright} assumption is used for designing a robust multimodal system. Therefore, developing methods for evaluating the robustness of multimodal systems against spoofing attacks, and for designing robust ones, remains a very relevant open issue.

Pattern recognition and machine learning techniques are also used in adversarial settings, like biometric authentication, network intrusion detection, and spam filtering, in which intelligent and adaptive adversaries may manipulate data to undermine their operation. This behaviour raises three main open problems: (i) understanding potential vulnerabilities of pattern recognition techniques; (ii) evaluating their security, namely, the performance degradation under the corresponding attacks; and (iii) developing pattern recognition systems robust to attacks. In this work we summarize our contributions to the field, in particular, to the security evaluation of classifiers in adversarial settings. We briefly discuss the main aspects of a framework which we have recently proposed to address this issue, and present three examples in the above mentioned applications. Further, we briefly discuss our experimental findings related to the security of multimodal biometric systems, where fake biometric traits can be used to mislead user verification. These results were obtained in the context of the FP 7 European Project {\textquotedblleft}Tabula Rasa{\textquotedblright}, in which our research group is involved.

The security of web services is nowadays one of the major concerns for Internet users. Web services may manage confidential information, monetary transactions, or even health-critical systems, such as those employed in public airports or hospitals. A key problem of web services is that they should work as expected even in the presence of malicious inputs. Unfortunately, with the increasing complexity of web services, this task becomes more and more challenging. In this paper we present SuStorID, a pattern recognition system which is able to model legitimate inputs towards web services, given a sample of web traffic. If anomalous inputs are detected, web services are protected according to a set of anomaly templates. Our experiments, performed on a production environment, highlight that our system can accurately detect web attacks and help security operators to protect their web services against known and unknown attacks.

Nowadays very large archives of digital images are easily produced thanks to the wide availability of digital cameras, that are often embedded into a number of portable devices. One of the ways of exploring an image archive is to search for similar images. Relevance feedback mechanisms can be employed to refine the search, as the most similar images according to a set of visual features may not contain the same semantic concepts according to the users{\textquoteright} needs. Relevance feedback allows users to label the images returned by the system as being relevant or not. Then, this labelled set is used to learn the characteristics of relevant images. As the number of images provided to users to receive feedback is usually quite small, and relevant images typically represent a tiny fraction, it turns out that the learning problem is heavily imbalanced. In order to reduce this imbalance, this paper proposes the use of techniques aimed at artificially increasing the number of examples of the relevant class. The new examples are generated as new points in the feature space so that they are in agreement with the local distribution of the available relevant examples. The locality of the proposed approach makes it quite suited to relevance feedback techniques based on the Nearest-Neighbor (NN) paradigm. The effectiveness of the proposed approach is assessed on two image datasets and comparisons with editing techniques that eliminate redundancies in non-relevant examples are also reported.

In this paper we present a new model of semantic features that, unlike previously presented methods, does not rely on the presence of a labeled training data base, as the creation of the feature extraction function is done in an unsupervised manner. We test these features on an unsupervised classification (clustering) task, and show that they outperform primitive (low-level) features, and that their performance is comparable to that of supervised semantic features, which are much more expensive to determine, as they rely on a labeled training set to train the feature extraction function.

The term adaptive biometric systems refers to biometric recognition systems that implement an algorithm aimed at following variations of the clients{\textquoteright} appearance. Among others, the self-update algorithm is used when only one biometric is available, and is able to add to the client{\textquoteright}s gallery novel data collected during system operation, on the basis of an updating threshold: if the novel data, compared with the existing template(s), provide a matching score higher than the given threshold, they are added to the gallery. In order to avoid misclassification errors, thus inserting impostors into the client{\textquoteright}s gallery, this threshold is very conservative. The self-update algorithm has been shown to be effective for many biometrics. However, no work has so far tried to explain why self-update should work, in particular when a very conservative update threshold is used (the zeroFAR threshold). This is the goal of the present paper, which provides a conceptual explanation of the self-update mechanism, coupled with a set of experiments on a publicly available data set explicitly designed for studying adaptive biometric systems.
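
The self-update rule described above is simple enough to sketch in a few lines of Python; match() and the threshold value are placeholders for the system's matcher and its operating point (e.g. the zeroFAR threshold).

def self_update(gallery, new_sample, match, threshold):
    # Add an operational sample to the client's gallery only if its best
    # matching score against the existing templates exceeds the
    # conservative update threshold.
    best_score = max(match(template, new_sample) for template in gallery)
    if best_score >= threshold:
        gallery.append(new_sample)
    return gallery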

We investigate the implementation of multi-label classification algorithms with a reject option, as a means to reduce the time required of human annotators and to attain a higher classification accuracy on automatically classified samples than the one which can be obtained without a reject option. Based on a recently proposed model of manual annotation time, we identify two approaches to implement a reject option, related to the two main manual annotation methods: browsing and tagging. In this paper we focus on the approach suitable to tagging, which consists in withholding either all or none of the category assignments of a given sample. We develop classification reliability measures to decide whether or not to reject a sample, aimed at maximising classification accuracy on the non-rejected ones. We finally evaluate the trade-off between classification accuracy and rejection rate that can be attained by our method, on three benchmark data sets related to text categorisation and image annotation tasks.

While it is known that multiple classifier systems can be effective also in multi-label problems, only the classifier fusion approach has been considered so far. In this paper we focus on the classifier selection approach instead. We discuss a specific selection strategy for ensembles of multi-label classifiers, based on selecting one or more two-class classifiers for each class, possibly coming from different multi-label classifiers. We then derive static selection criteria based on the F measure, which is widely used in multi-label problems. Preliminary experimental results show that the considered selection strategy can effectively exploit the complementarity between the multi-label classifiers on the different classes. They also show that the derived selection criteria can improve the trade-off between the macro- and micro-averaged F measure, although it is known that an increase in either of them is usually attained at the expense of the other one.

In this paper we propose a novel approach to combine information from multiple high-dimensional feature spaces, which allows reducing the computational time required for image retrieval tasks. Each image is represented in a "(dis)similarity space", where each component is computed in one of the low-level feature spaces as the (dis)similarity of the image from one reference image. This new representation allows the distances between images belonging to the same class to be smaller than in the original feature spaces. In addition, it allows computing similarities between images by taking into account multiple characteristics of the images, and thus obtaining more accurate retrieval results. Reported results show that the proposed technique attains good performance not only in terms of precision and recall, but also in terms of execution time, when compared to techniques that combine retrieval results from different feature spaces.
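
A minimal NumPy sketch of the representation described above, under the assumption that Euclidean distance is the dissimilarity used in each feature space; the paper's actual (dis)similarity measures may differ.

import numpy as np

def dissimilarity_representation(X, prototypes):
    # X: (n_images, d) descriptors in one low-level feature space;
    # prototypes: (m, d) descriptors of the m reference images.
    # Returns the (n_images, m) matrix of distances to the prototypes.
    return np.linalg.norm(X[:, None, :] - prototypes[None, :, :], axis=2)

# Representations computed in several feature spaces can be concatenated
# with np.hstack to take multiple image characteristics into account.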

A rapid diffusion of stereoscopic image acquisition devices is expected in the next years. Among the different potential applications that depth information can enable, in this paper we focus on its exploitation as a novel information source in the task of scene classification, and in particular to discriminate between indoor and outdoor images. This issue has not been addressed so far in the literature, probably because the extraction of depth information from two-dimensional images is a computationally demanding task. However, new-generation stereo cameras will allow a very fast computation of depth maps. We experimentally show that depth information alone provides a discriminant capability between indoor and outdoor images close to that of state-of-the-art methods based on colour, edge and texture information, and that it improves their performance when used as an additional information source.

Person re-identification is the task of recognizing an individual that has already been observed over a network of video-surveillance cameras. Methods proposed in the literature so far have addressed this issue as a classical matching problem: a descriptor is built directly from the view of the person, and a similarity measure between descriptors is defined accordingly. In this work, we propose a general dissimilarity framework for person re-identification, aimed at transposing a generic person re-identification method, based on the commonly adopted multiple instance representation, into a dissimilarity form. Individuals are thus represented by means of dissimilarity values with respect to common prototypes. Dissimilarity representations carry appealing advantages, in particular the compactness of the resulting descriptor and the extremely low time required to match two descriptors. Moreover, a dissimilarity representation enables various new applications, some of which are depicted in the paper. An experimental evaluation of the proposed framework applied to an existing method is provided, which clearly shows the advantages of dissimilarity representations in the context of person re-identification.

We faced the problem of detecting 2-D face spoofing attacks performed by placing a printed photo of a real user in front of the camera. For this type of attack it is not possible to rely just on face movements as a clue of vitality, because the attacker can easily simulate such a case, and also because real users often show a {\textquotedblleft}low vitality{\textquotedblright} during the authentication session. In this paper, we perform both video and static analysis in order to employ complementary information about motion, texture and liveness, and consequently to obtain a more robust classification.

Nowadays the security of Web applications is one of the key topics in Computer Security. Among all the solutions that have been proposed so far, the analysis of the HTTP payload at the byte level has proven to be effective as it does not require detailed knowledge of the applications running on the Web server. The solutions proposed in the literature actually achieve good results in terms of detection rate, while there is still room for reducing the false positive rate. To this end, in this paper we propose HMMPayl, an IDS where the payload is represented as a sequence of bytes, and the analysis is performed using Hidden Markov Models (HMM). The algorithm we propose for feature extraction and the joint use of HMMs guarantee the same expressive power as n-gram analysis, while overcoming its computational complexity. In addition, we designed HMMPayl following the Multiple Classifiers System paradigm to provide a better classification accuracy, to increase the difficulty of evading the IDS, and to mitigate the weaknesses due to a non-optimal choice of HMM parameters. Experimental results, obtained both on public and private datasets, show that the analysis performed by HMMPayl is particularly effective against the most frequent attacks towards Web applications (such as XSS and SQL-Injection). In particular, for a fixed false positive rate, HMMPayl achieves a higher detection rate with respect to previously proposed approaches it has been compared with.
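
To make the HMM-based payload analysis concrete, here is a self-contained sketch of the scoring side in Python/NumPy: the forward algorithm computing the log-likelihood of a byte sequence under a discrete HMM. The model parameters would be learned (e.g. via Baum-Welch) on legitimate traffic; this sketch, including the 256-symbol byte alphabet, is an illustration and not HMMPayl's actual feature extraction.

import numpy as np

def payload_log_likelihood(seq, start, trans, emis):
    # Forward algorithm in log space.
    # seq:   iterable of byte values in 0..255
    # start: (S,) initial state probabilities
    # trans: (S, S) state transition probabilities
    # emis:  (S, 256) per-state byte emission probabilities
    seq = np.asarray(seq, dtype=int)
    alpha = np.log(start) + np.log(emis[:, seq[0]])
    for b in seq[1:]:
        alpha = np.logaddexp.reduce(alpha[:, None] + np.log(trans), axis=0) \
                + np.log(emis[:, b])
    return np.logaddexp.reduce(alpha)

# Payloads whose (length-normalised) log-likelihood falls below a
# threshold estimated on legitimate traffic would be flagged as anomalous.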

Nowadays, a very large number of digital image archives is easily produced thanks to the wide diffusion of personal digital cameras and mobile devices with embedded cameras. Thus, each personal computer, personal storage unit, as well as photo-sharing and social-network web sites, are rapidly becoming repositories for thousands, or even billions, of images (e.g., more than 100 million photos are uploaded every day on the social site Facebook). As a consequence, there is an increasing need for tools enabling the semantic search, classification, and retrieval of images. The use of meta-data associated to images solves the problems only partially, as the process of assigning reliable meta-data to images is not trivial, is slow, and closely depends on who performed the task. One solution for effective image search and retrieval is to combine content-based analysis with feedback from the users. In this paper we present Image Hunter, a tool that implements a Content Based Image Retrieval (CBIR) engine with a Relevance Feedback mechanism. Thanks to a user-friendly interface, the tool is especially suited to unskilled users. In addition, its modular structure permits the use of the same core both in web-based and stand-alone applications.

Due to its uniqueness and potential in forensic applications, the sensor pattern noise (SPN) has drawn much attention in the digital forensic community and academia in the past few years. While much work has been done on the application of the SPN, little investigation into its characteristics has been reported in the literature. It is our intention to fill this gap by providing insight into the dependency of the SPN quality on the location in images. We have observed that the SPN components at the image periphery are distorted to the extent that, when used for source camera identification, they tend to cause higher false positive rates. Empirical evidence is presented in this work. We suspect that this location-dependent SPN quality degradation has a strong connection with the vignetting effect, as they exhibit the same type of location-dependency. We recommend that when image blocks are to be used for forensic investigation, they should be taken from the image centre before SPN extraction is performed, in order to reduce the false positive rate.

In this paper, we discuss the role that machine learning can play in computer forensics. We begin our analysis by considering the role that machine learning has gained in computer security applications, with the aim of helping the computer forensics community learn from the experience of the computer security community. Afterwards, we propose a brief literature review, with the purpose of illustrating the areas of computer forensics where machine learning techniques have been used until now. Then, we highlight the technical requirements that should be met by tools for computer security and computer forensics applications, with the goal of illustrating in which ways machine learning algorithms can be of practical help. We intend this paper to foster applications of machine learning in computer forensics, and we hope that the ideas in this paper may represent promising directions to pursue in the quest for more efficient and effective computer forensics tools.

In this paper we propose an Intrusion Detection System (IDS) for the detection of attacks against a web server. The system analyzes the requests received by a web server, and is based on a two-stage classification algorithm that heavily relies on the MCS paradigm. In the first stage, the structure of the HTTP requests is modeled using several ensembles of Hidden Markov Models. Then, the outputs of these ensembles are combined using a one-class classification algorithm. We evaluated the system on several datasets of real traffic and real attacks. Experimental results, and comparisons with state-of-the-art detection systems, show the effectiveness of the proposed approach.

Person re-identification consists in recognizing an individual that has already been observed over a network of cameras. It is a novel and challenging research topic in computer vision, for which no reference framework exists yet. Despite this, previous works share similar representations of the human body based on part decomposition and the implicit concept of multiple instances. Building on these similarities, we propose a Multiple Component Matching (MCM) framework for the person re-identification problem, inspired by Multiple Component Learning, a framework recently proposed for object detection. We show that previous techniques for person re-identification can be considered particular implementations of our MCM framework. We then present a novel person re-identification technique as a direct, simple implementation of our framework, focused in particular on robustness to varying lighting conditions, and show that it can attain state-of-the-art performance.

Recent works have shown that, contrary to common belief, multi-modal biometric systems may be {\textquotedblleft}forced{\textquotedblright} by an impostor who submits a spoofed biometric replica of a genuine user to only one of the matchers. Although those results were obtained under a worst-case scenario, in which the attacker is able to replicate the exact appearance of the true biometric, they raise the issue of investigating more thoroughly the robustness of multimodal systems against spoof attacks, and of devising new methods to design systems robust against them. To this aim, in this paper we propose a robustness evaluation method which also takes into account scenarios more realistic than the worst-case one. Our method is based on an analytical model of the score distribution of fake traits, which is assumed to lie between the distributions of genuine and impostor scores, and is parametrised by a measure of its relative distance to the impostor score distribution, which we name {\textquotedblleft}fake strength{\textquotedblright}. Varying this parameter allows one to simulate the different factors which can affect the distribution of fake scores, such as the ability of the attacker to replicate a certain biometric. Preliminary experimental results on real bimodal biometric data sets made up of faces and fingerprints show that the widely used LLR rule can be highly vulnerable to spoof attacks against only one matcher, even when the attack has a low fake strength.
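
The model can be made concrete with a small simulation. The sketch below realises the stated assumption (fake scores lying between the impostor and genuine distributions) as a convex mixture controlled by the fake strength; the paper's analytical model may be parametrised differently, so treat this only as an illustration.

import numpy as np

def simulate_fake_scores(genuine, impostor, fake_strength, size=1000, seed=0):
    # fake_strength in [0, 1]: 0 reproduces the impostor distribution,
    # 1 the worst case of a perfect replica (the genuine distribution).
    # Intermediate values mix the two, mimicking attackers of varying skill.
    rng = np.random.default_rng(seed)
    take_genuine = rng.random(size) < fake_strength
    g = rng.choice(np.asarray(genuine), size=size)
    i = rng.choice(np.asarray(impostor), size=size)
    return np.where(take_genuine, g, i)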

In spite of many advantages, multi-modal biometric recognition systems are vulnerable to spoof attacks, which can decrease their level of security. Thus, it is fundamental to understand and analyse the effects of spoof attacks and to propose new methods for designing systems robust against them. To this aim, we are developing a method, based on simulating the fake score distributions of individual matchers, to evaluate the relative robustness of different score fusion rules. We model the score distribution of fake traits by assuming that it lies between the distributions of genuine and impostor scores, and parametrize it by a measure of its relative distance to the latter, named attack strength. Different values of the attack strength account for the many different factors which can affect the distribution of fake scores. In this paper we present preliminary results aimed at evaluating the capability of our model to approximate realistic fake score distributions. To this aim we use a data set made up of faces and fingerprints, including traits from realistic spoof attacks.

Spoof attacks consist in submitting fake biometric traits to biometric systems, and are a major threat that can curtail their security. Multi-modal biometric systems are commonly believed to be intrinsically more robust to spoof attacks, but recent works have shown that they can be evaded by spoofing even a single biometric trait. This result was, however, obtained under the worst-case scenario in which the attacker is able to fabricate an exact replica of the genuine biometric trait, simulated by assuming that the matching score distribution of fake traits is identical to that of genuine users. This calls for a more thorough investigation of the robustness of multimodal biometric systems against realistic spoof attacks, namely, under non-worst-case scenarios. In this paper we focus on bimodal systems made up of a face and a fingerprint matcher, whose scores are fused using the well-known sum, product, weighted sum and likelihood ratio (LLR) rules. We evaluate their robustness against realistic spoof attacks obtained by fabricating fake biometric traits. The main goal of our study is to investigate whether a realistic spoof attack against both modalities can allow the attacker to crack the multimodal system. Our results show that even in a realistic, non-worst-case scenario, the false acceptance rate (FAR) increases remarkably.
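
The four fusion rules under evaluation are standard and easy to state in code. In the LLR sketch below, the per-matcher genuine and impostor score densities are assumed Gaussian for brevity; in practice they would be estimated from training scores, and the weight in the weighted sum is a free design parameter.

import numpy as np
from scipy.stats import norm

def sum_rule(s1, s2):
    return s1 + s2

def product_rule(s1, s2):
    return s1 * s2

def weighted_sum(s1, s2, w=0.7):
    return w * s1 + (1 - w) * s2

def llr_rule(scores, gen_params, imp_params):
    # Log-likelihood ratio fusion under an independence assumption:
    # sum the per-matcher log-ratios of genuine vs impostor densities,
    # each given as a (mean, std) pair per matcher.
    llr = 0.0
    for s, (mg, sg), (mi, si) in zip(scores, gen_params, imp_params):
        llr += norm.logpdf(s, mg, sg) - norm.logpdf(s, mi, si)
    return llr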

Recent works have shown that multi-modal biometric systems are not robust against spoofing attacks. However, this conclusion was obtained under the hypothesis of a {\textquotedblleft}worst-case{\textquotedblright} attack, in which the attacker is able to perfectly replicate the genuine biometric traits. The aim of this paper is to analyse the robustness of some multi-modal verification systems, combining fingerprint and face biometrics, under realistic spoofing attacks, in order to investigate the validity of the results obtained under the worst-case assumption.

This paper proposes a study on the evaluation of relevance feedback approaches when a multi-tagged dataset is available. The aim of this study is to verify how relevance feedback works in a real-world scenario, i.e., by taking into account the multiple concepts represented by the query image. To this end, we first assessed how relevance feedback mechanisms adapt the search when the same image is used to retrieve different concepts; we then investigated scenarios in which the same image is used to retrieve multiple concepts. The experimental results show that relevance feedback can effectively focus the search according to the user{\textquoteright}s feedback, even if the query image provides only a rough example of the target concept. We also propose two performance measures aimed at comparing the accuracy of retrieval results when the same image is used as a prototype for a number of different concepts.

Spoofing is an open issue for fingerprint recognition systems. It consists in submitting an artificial replica of a genuine user{\textquoteright}s fingerprint. Current sensors provide an image which is then processed as a {\textquotedblleft}true{\textquotedblright} fingerprint. Recently, the so-called 3rd-level features, namely pores, which are visible in high-definition fingerprint images, have been used for matching. In this paper, we propose to analyse pore locations to characterize the {\textquotedblleft}liveness{\textquotedblright} of fingerprints. Experimental results on a large dataset of spoofed and live fingerprints show the benefits of the proposed approach.

Web servers and server-side applications constitute the key components of modern Internet services. We present a pattern recognition system for the detection of intrusion attempts that target such components. Our system is anomaly-based, i.e., we model the normal (legitimate) traffic, and intrusion attempts are identified as anomalous traffic. In order to address the presence of attacks (noise) inside the training set, we employ an ad-hoc outlier detection technique. This approach does not require supervision and allows us to accurately detect both known and unknown attacks against web services.

Zero-day attacks are one of the most dangerous threats against computer networks. These, by definition, are attacks never seen before; thus, defense tools based on a database of rules (usually referred to as {\textquotedblleft}signatures{\textquotedblright}) that describe known attacks can do nothing against them. Recently, defense tools based on machine learning algorithms have gained increasing popularity, as they offer the possibility of fighting off zero-day attacks as well. In this paper we propose HMMPayl, an anomaly-based Intrusion Detection System for the protection of a web server and of the applications the server hosts. HMMPayl analyzes the network traffic toward the web server and is based on Hidden Markov Models. This paper provides several contributions. First, the algorithm implemented by HMMPayl models the payload carefully, increasing the classification accuracy with respect to previously proposed solutions. Second, we show that an approach based on multiple classifiers leads to higher classification accuracy than the use of a single classifier. Third, exploiting the redundancy within the information extracted from the payload, we propose a solution to reduce the computational cost of the algorithm.
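
The core computation such a system relies on, scoring a symbol sequence (e.g., payload bytes) with a discrete HMM, is the forward algorithm; a minimal log-space version and a simple ensemble combination are sketched below. The length normalisation and the averaging rule are illustrative assumptions, not the paper's exact formulation.

import numpy as np

def log_forward(obs, log_pi, log_A, log_B):
    # Forward algorithm in log space: returns log P(obs | HMM), where obs
    # is a sequence of symbol indices, and pi, A, B are the initial,
    # transition and emission probabilities of a discrete HMM.
    alpha = log_pi + log_B[:, obs[0]]
    for o in obs[1:]:
        alpha = np.logaddexp.reduce(alpha[:, None] + log_A, axis=0) + log_B[:, o]
    return np.logaddexp.reduce(alpha)

def ensemble_score(obs, models):
    # Combine several HMMs (e.g., trained from different random
    # initialisations) by averaging length-normalised log-likelihoods;
    # models is a list of (log_pi, log_A, log_B) tuples.
    return np.mean([log_forward(obs, *m) / max(len(obs), 1) for m in models])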

It is widely acknowledged that good performance of content-based image retrieval systems can be attained by adopting relevance feedback mechanisms. One of the main difficulties in exploiting relevance information is the availability of few relevant images, as users typically label a few dozen images, the majority of them often being non-relevant to the user{\textquoteright}s needs. In order to boost the learning capabilities of relevance feedback techniques, this paper proposes the creation of points in the feature space which can be considered as representations of relevant images. The new points are generated taking into account not only the available relevant points in the feature space, but also the relative positions of the non-relevant ones. This approach has been tested on a relevance feedback technique based on the Nearest-Neighbor classification paradigm. Reported experiments show the effectiveness of the proposed technique in terms of precision and recall.
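
One plausible instance of the stated idea, creating a synthetic relevant point by pushing each relevant sample away from its nearest non-relevant neighbour, is sketched below; the actual generation rule used in the paper may differ, and the step size is a free parameter.

import numpy as np

def synthesize_relevant(relevant, non_relevant, step=0.5):
    # For each relevant image (a row vector in feature space), create one
    # synthetic point displaced away from its nearest non-relevant image,
    # so the new points use the positions of both labelled sets.
    new_points = []
    for r in relevant:
        d = np.linalg.norm(non_relevant - r, axis=1)
        nearest_nr = non_relevant[np.argmin(d)]
        new_points.append(r + step * (r - nearest_nr))
    return np.vstack(new_points)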

},
keywords = {cbir00},
url = {http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5617659},
author = {Luca Piras and Giorgio Giacinto}
}
@inbook { 1036,
title = {Moving Targets - When Data Classes Depend on Subjective Judgement, or They Are Crafted by an Adversary to Mislead Pattern Analysis Algorithms - The Cases of Content Based Image Retrieval and Adversarial Classification},
booktitle = {Advances in Data Mining. Applications and Theoretical Aspects},
volume = {LNCS 6171},
year = {2010},
pages = {1-16},
publisher = {Springer-Verlag},
organization = {Springer-Verlag},
abstract = {The vast majority of pattern recognition applications assume that data can be subdivided into a number of data classes on the basis of the values of a set of suitable features. Supervised techniques assume the data classes are given in advance, and the goal is to find the set of features and the classification algorithm that allow the most effective partition of the data. Unsupervised techniques, on the other hand, allow discovering the {\textquotedblleft}natural{\textquotedblright} data classes into which data can be partitioned, for a given set of features. These approaches show their limitations in handling the challenges posed by applications where, for each instance of the problem, patterns can be assigned to different data classes, and the very definition of the data classes is not uniquely fixed. As a consequence, the set of features providing an effective discrimination of patterns, and the related discrimination rule, should be set for each instance of the classification problem. Two applications from different domains share these characteristics: Content-Based Multimedia Retrieval and Adversarial Classification. The retrieval of multimedia data by content is biased by the high subjectivity of the concept of similarity. In an adversarial environment, on the other hand, the adversary carefully crafts new patterns so that they are assigned to the incorrect data class. In this paper, the issues of the two application scenarios are discussed, and some effective solutions and future research directions are outlined.},
isbn = {978-3-642-14399-1},
author = {Giorgio Giacinto},
editor = {Petra Perner}
}
@article {biggio10-ijmlc,
title = {Multiple Classifier Systems for Robust Classifier Design in Adversarial Environments},
journal = {Journal of Machine Learning and Cybernetics},
volume = {1},
year = {2010},
pages = {27{\textendash}41},
publisher = {Springer Berlin / Heidelberg},
keywords = {adversarial classification, mcs00, mcs01, multiple classifier system, robust classifier design},
url = {http://www.springerlink.com/content/r76u51062q68053n/},
author = {Battista Biggio and Giorgio Fumera and Fabio Roli}
}
@conference { 805,
title = {Multiple Classifier Systems under Attack},
booktitle = {9th Int. Workshop on Multiple Classifier Systems (MCS 2010)},
volume = {5997},
year = {2010},
note = {

In adversarial classification tasks like spam filtering, intrusion detection in computer networks, and biometric authentication, a pattern recognition system must not only be accurate, but also robust to manipulations of input samples made by an adversary to mislead the system itself. It has recently been argued that the robustness of a classifier could be improved by avoiding overemphasizing or underemphasizing input features on the basis of training data, since in the operational phase the feature importance may change due to modifications introduced by the adversary. In this paper we empirically investigate whether the well-known bagging and random subspace methods improve the robustness of linear base classifiers by producing more uniform weight values. To this aim we use a method for the performance evaluation of a classifier under attack that we are currently developing, and carry out experiments on a spam filtering task with several linear base classifiers.
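
The experiment described can be sketched in a few lines: train linear classifiers on bootstrap replicates, average their weight vectors, and compare the evenness of the result with a single classifier's weights. The evenness measure below (largest absolute weight over the mean absolute weight) is one plausible choice, not necessarily the measure used in the paper.

import numpy as np
from sklearn.svm import LinearSVC

def bagged_weights(X, y, n_bags=10, seed=0):
    # The average of linear models trained on bootstrap replicates is
    # itself a linear model; bagging tends to even out its weights.
    rng = np.random.default_rng(seed)
    ws = []
    for _ in range(n_bags):
        idx = rng.integers(0, len(X), size=len(X))
        ws.append(LinearSVC(dual=False).fit(X[idx], y[idx]).coef_.ravel())
    return np.mean(ws, axis=0)

def weight_evenness(w):
    # 1.0 means perfectly uniform |weights|; larger values mean a few
    # features dominate, which an adversary can exploit.
    a = np.abs(w)
    return a.max() / a.mean()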

Serial, or sequential, fusion of multiple biometric matchers has not been thoroughly investigated so far. However, this approach exhibits some advantages with respect to the widely adopted parallel approaches. In this paper, we propose a novel theoretical framework for assessing the performance of such systems, based on a previous work of the authors. Benefits in terms of performance are theoretically evaluated, as are the estimation errors in the computation of the model parameters. The pros and cons of the model are analyzed by means of preliminary experiments performed on NIST Biometric Score Set 1.
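
A serial processing chain for two matchers can be sketched as follows: the first matcher settles clearly genuine or clearly impostor claims on its own, and the second biometric is acquired only in the uncertain region. The three thresholds are hypothetical design parameters to be derived from the performance model, not values from the paper.

def serial_verify(score1, acquire_and_match2, accept_t, reject_t, final_t):
    # Confident decisions use only the first, cheaper matcher, which cuts
    # average verification time and invasiveness; acquire_and_match2 is a
    # callable that captures and scores the second trait on demand.
    if score1 >= accept_t:
        return True                         # accept without second trait
    if score1 <= reject_t:
        return False                        # reject without second trait
    return acquire_and_match2() >= final_t  # borderline: use second matcher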

Nowadays very large archives of digital images can be easily produced thanks to the availability of digital cameras, as stand-alone devices or embedded into a number of portable devices. Each personal computer is typically a repository for thousands of images, while the Internet can be seen as a very large repository. One of the most severe problems in the classification and retrieval of images from very large repositories is the very limited number of elements belonging to each semantic class, compared to the number of images in the repository. As a consequence, an even smaller fraction of images per semantic class can be used as a training set in a classification problem, or as a query in a content-based image retrieval problem. In this paper we propose a technique aimed at artificially increasing the number of examples in the training set in order to improve the learning capabilities, reducing the unbalance between the semantic class of interest and all other images. The proposed approach is tailored to classification and relevance feedback techniques based on the Nearest-Neighbor paradigm. A number of new points in the feature space are created based on the available training patterns, so that they better represent the distribution of the semantic class of interest. These new points are created according to the k-NN paradigm, and take into account both relevant and non-relevant images with respect to the semantic class of interest. The proposed approach increases the generalization capability of NN techniques, and mitigates the risk of over-training the classifier on few patterns. Reported experiments show the effectiveness of the proposed technique in Content-Based Image Retrieval tasks, where the Nearest-Neighbor approach is used to exploit users{\textquoteright} relevance feedback. The improvement in precision and recall gained in a single feature space also exceeds the improvement attained by combining different feature spaces.

},
month = {07/2009},
address = {Baoding, Hebei, China},
keywords = {adversarial classification, adversarial learning},
url = {http://prag.diee.unica.it/pra/system/files/FRoli_ICMLC09.pdf},
author = {Fabio Roli}
}
@inbook { 800,
title = {Bayesian Linear Combination of Neural Networks},
booktitle = {Innovations in Neural Information Paradigms and Applications},
volume = {247},
year = {2009},
pages = {201-230},
publisher = {Springer Berlin / Heidelberg},
organization = {Springer Berlin / Heidelberg},
chapter = {9},
keywords = {mcs00, mcs01, Multiple Classifier Systems, neural networks},
url = {http://www.springerlink.com/content/k10lr75t83221846/},
author = {Battista Biggio and Giorgio Fumera and Fabio Roli},
editor = {Monica Bianchini and Marco Maggini and Franco Scarselli and Lakhmi C. Jain}
}
@article { 232,
title = {Designing multiple biometric systems: measures of ensemble effectiveness},
journal = {Engineering Applications of Artificial Intelligence},
volume = {22},
year = {2009},
pages = {66-78},
publisher = {Elsevier},
abstract = {An {\textquotedblleft}expert{\textquotedblright} for biometric authentication systems is made up of three components: a biometric sensor, a feature extraction module, and a matching algorithm. As in many applications the performance attained by individual experts does not provide the required reliability, improvements can be obtained by combining different experts. However, there is no guarantee that combining an arbitrary ensemble of experts provides better performance than the individual experts. Thus, it would be useful to have measures for selecting the experts to be combined. In this paper, we present an experimental evaluation of the correlation between measures of the ensemble effectiveness of the experts to be combined and the final performance achieved by the combined system. These measures of ensemble effectiveness are based on four performance measures of the individual experts, namely the AUC, the EER, the d', and a score dissimilarity measure. We then considered four combination methods, i.e., the mean rule, the product rule, the dynamic score selection technique, and a linear combination based on linear discriminant analysis. Reported results show that the measure of ensemble effectiveness based on the d' is the most effective for selecting the members of an ensemble of experts.},
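
Of the individual-expert measures listed, d' has the simplest closed form; a sketch of its usual computation from genuine and impostor score samples is given below (the standardised distance between the two score means, as commonly defined in biometrics).

import numpy as np

def d_prime(genuine, impostor):
    # Decidability index d': the distance between the mean genuine and
    # mean impostor scores, standardised by their pooled spread. Larger
    # values mean better-separated score distributions.
    mg, mi = np.mean(genuine), np.mean(impostor)
    vg, vi = np.var(genuine), np.var(impostor)
    return abs(mg - mi) / np.sqrt((vg + vi) / 2.0)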
keywords = {Area under the ROC curve, AUC, bio00, biometrics, d', Ensemble of experts, Equal error rate, Expert selection, mcs00, mcs02, Multi-modal biometric, ROC analysis, Score dissimilarity},
url = {http://dx.doi.org/10.1016/j.engappai.2008.04.007},
author = {Roberto Tronci and Giorgio Giacinto and Fabio Roli}
}
@conference { 787,
title = {Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces},
booktitle = {Annual Computer Security Applications Conference (ACSAC)},
year = {2009},
month = {07/12/2009},
address = {Honolulu, Hawaii, USA},
abstract = {

In this paper we propose a novel, passive approach for detecting and tracking malicious flux service networks. Our detection system is based on passive analysis of recursive DNS (RDNS) traffic traces collected from multiple large networks. Contrary to previous work, our approach is not limited to the analysis of suspicious domain names extracted from spam emails or precompiled domain blacklists. Instead, our approach is able to detect malicious flux service networks in the wild, i.e., as they are accessed by users who fall victim to malicious content advertised through blog spam, instant messaging spam, social website spam, etc., besides email spam. We experiment with the RDNS traffic passively collected at two large ISP networks. Overall, our sensors monitored more than 2.5 billion DNS queries per day from millions of distinct source IPs over a period of 45 days. Our experimental results show that the proposed approach is able to accurately detect malicious flux service networks. Furthermore, we show how our passive detection and tracking of malicious flux service networks may benefit spam filtering applications.

In two-class score-based problems, the scores from an ensemble of experts are generally combined to obtain distributions for positive and negative patterns that exhibit a larger degree of separation than those of the scores to be combined. Typically, combination is carried out by a {\textquotedblleft}static{\textquotedblright} linear combination of scores, where the weights are computed by maximising a performance function: a single weight is assigned to each of the experts to be combined, and it is the same for all patterns. In this paper we propose a {\textquotedblleft}dynamic{\textquotedblright} formulation where the weights are computed individually for each pattern. Reported results on a biometric dataset show the effectiveness of the proposed combination methodology with respect to {\textquotedblleft}static{\textquotedblright} linear combinations and trained combination rules.
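
The contrast between the two formulations can be sketched as follows: a static rule applies one weight vector to every pattern, while a dynamic rule recomputes the weights for each pattern from its own scores. The confidence-based weighting function below is a hypothetical stand-in, not the rule proposed in the paper.

import numpy as np

def static_combination(scores, w):
    # scores: (n_patterns, n_experts); one shared weight per expert.
    return scores @ w

def dynamic_combination(scores, weight_fn):
    # One weight vector per pattern, derived from that pattern's scores.
    out = []
    for s in scores:
        w = weight_fn(s)
        out.append(s @ (w / w.sum()))
    return np.array(out)

# Hypothetical weighting rule: trust an expert more when its score lies
# far from the ambiguous region around 0.5.
confidence_weights = lambda s: np.abs(s - 0.5) + 1e-6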

The problem of biometric template representativeness has recently attracted much attention with the introduction of several template update methods. Automatic template update methods adapt the templates to the intra-class variations of the input data. However, it can be hypothesized that the effect of template updating may not be the same for all clients, due to the different characteristics of the clients present in the biometric database. The goal of this paper is to investigate this hypothesis by explicitly partitioning the database clients into the different groups of {\textquotedblleft}Doddington{\textquoteright}s zoo{\textquotedblright} as a function of their {\textquotedblleft}intrinsic{\textquotedblright} characteristics, and by studying the effect of the state-of-the-art template {\textquotedblleft}self update{\textquotedblright} procedure on these different groups. Experimental evaluations on the Equinox database, with a face verification system based on the EBGM algorithm, show strong evidence of non-uniform update effects on the different client classes, and suggest adapting the update procedures to the clients{\textquoteright} characteristics.

Soft biometrics have recently been proposed for improving the verification performance of biometric recognition systems. Examples of soft biometrics are skin colour, eye colour, hair colour, height, and ethnicity. Some of them are often cheaper to extract than {\textquotedblleft}hard{\textquotedblright}, standard biometrics (e.g., face and fingerprints). They exhibit a low discriminant power for recognising persons, but can add evidence about the personal identity, and can be useful for a particular set of users. In particular, it is possible to argue that users with a certain highly discriminant soft biometric can be recognized better. Identifying such users could be useful for exploiting soft biometrics at their best, as well as for deriving an appropriate methodology for embedding soft biometric information into the score computed by the main biometric. In this paper, we propose a group-specific algorithm to exploit soft biometric information in a biometric verification system. Our proposal is exemplified using hair colour and ethnicity as soft biometrics and face as the main biometric. Hair colour and information about ethnicity can be easily extracted from face images, and used only for the small number of users with highly discriminant hair colour or ethnicity. We show by experiments that, for those users, hair colour or ethnicity strongly contributes to reducing the false rejection rate without a significant impact on the false acceptance rate, whilst the performance does not change for the other users.

Nowadays, the web-based architecture is the one most frequently used for a wide range of Internet services, as it allows information and software on remote machines to be easily accessed and managed. The input of web applications is made up of queries, i.e., sequences of attribute=value pairs. A wide range of attacks exploits web application vulnerabilities, typically derived from input validation flaws.

In this work we propose a new formulation of query analysis through Hidden Markov Models (HMMs), and show that HMMs are effective in detecting a wide range of both known and unknown attacks on web applications. In addition, unlike previous works, we explicitly address the problem of the presence of noise (i.e., attacks) in the training set. Finally, we show that performance can be increased when a sequence of symbols is modelled by an ensemble of HMMs. Experimental results on real-world data show the effectiveness of the proposed system in terms of very high detection rates and low false alarm rates.
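
As a concrete illustration of the input representation, a query string can be split into its attribute=value pairs, with each value treated as the sequence of symbols to be scored by an HMM (or an ensemble of HMMs). Character-level tokenisation is an assumption made here for illustration; the paper's symbol alphabet may differ.

from urllib.parse import parse_qsl

def query_to_sequences(query):
    # Each attribute's value becomes a symbol sequence; one HMM (or HMM
    # ensemble) per attribute can then score how typical the value is.
    return {attr: list(value) for attr, value in parse_qsl(query)}

# query_to_sequences("id=42&name=alice")
# -> {'id': ['4', '2'], 'name': ['a', 'l', 'i', 'c', 'e']}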

Anomaly-based network Intrusion Detection Systems (IDS) are valuable tools for the defense-in-depth of computer networks. Unsupervised, or unlabeled, learning approaches for network anomaly detection have recently been proposed. Such anomaly-based network IDS are able to detect (unknown) zero-day attacks, although much care has to be dedicated to controlling the number of false positives generated by the detection system. As a matter of fact, it has been shown that the false positive rate is the true limiting factor for the performance of an IDS, and that in order to substantially increase the Bayesian detection rate, P(Intrusion|Alarm), the IDS must have a very low false positive rate (e.g., as low as 10^{-5} or even lower). In this paper we present McPAD (Multiple-Classifier Payload-based Anomaly Detector), a new, accurate payload-based anomaly detection system that consists of an ensemble of one-class classifiers. We show that our anomaly detector is very accurate in detecting network attacks that bear some form of shell-code in the malicious payload. This holds true even in the case of polymorphic attacks and at very low false positive rates. Furthermore, we experiment with advanced polymorphic blending attacks, and we show that in some cases, even in the presence of such sophisticated attacks and at a low false positive rate, our IDS still has a relatively high detection rate.

Pattern classification systems are currently used in security applications like intrusion detection in computer networks, spam filtering, and biometric identity recognition. These are adversarial classification problems, since the classifier faces an intelligent adversary who adaptively modifies patterns (e.g., spam e-mails) to evade it. In these tasks the goal of a classifier is to attain both a high classification accuracy and a high hardness of evasion, but this issue has not yet been deeply investigated in the literature. We address it from the viewpoint of the choice of the architecture of a multiple classifier system. We propose a measure of the hardness of evasion of a classifier architecture, and give an analytical evaluation and comparison of an individual-classifier architecture and a classifier-ensemble architecture. We finally report an experimental evaluation on a spam filtering task.

High retrieval precision in content-based image retrieval can be attained by adopting relevance feedback mechanisms. In this paper we propose a weighted similarity measure based on the nearest-neighbor relevance feedback technique that the authors proposed elsewhere. Each image is ranked according to a relevance score depending on its nearest-neighbor distances from relevant and non-relevant images. Distances are computed by a weighted measure, the weights being related to the capability of the feature spaces to represent relevant images as nearest neighbors. This approach is used to weight individual features and feature subsets, and also to weight relevance scores computed from different feature spaces. Reported results show that the proposed weighting scheme improves the performance with respect to unweighted distances and to other weighting schemes.
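
The relevance score can be sketched with the usual nearest-neighbour form: an image is scored by its weighted distances to the nearest relevant and nearest non-relevant images, with one weight per feature. The exact normalisation used in the paper may differ from this sketch.

import numpy as np

def nn_relevance(x, relevant, non_relevant, w=None):
    # Score close to 1 when x is near a relevant image and far from all
    # non-relevant ones; w holds per-feature weights reflecting how well
    # each feature represents the relevant images as nearest neighbours.
    w = np.ones_like(x) if w is None else w
    nearest = lambda A: np.sqrt((w * (A - x) ** 2).sum(axis=1)).min()
    dr, dn = nearest(relevant), nearest(non_relevant)
    return dn / (dr + dn + 1e-12)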

},
keywords = {cbir00},
url = {http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5031477},
author = {Luca Piras and Giorgio Giacinto}
}
@article { 772,
title = {One-class classification for oil spill detection},
journal = {Pattern Analysis and Applications},
year = {2009},
month = {07/2009},
author = {A. Gambardella and Giorgio Giacinto and M. Migliaccio and A. Montali}
}
@article { 744,
title = {Personal identity verification by serial fusion of fingerprint and face matchers},
journal = {Pattern Recognition},
volume = {42},
year = {2009},
pages = {2807-2817},
publisher = {Elsevier},
abstract = {The use of personal identity verification systems with multi-modal biometrics has been proposed in order to increase performance and robustness against environmental variations and fraudulent attacks. Usually, multi-modal fusion of biometrics is performed in parallel at the score level, by combining the individual matching scores. This parallel strategy exhibits some drawbacks: (i) all available biometrics are necessary to perform fusion, so the verification time depends on the slowest system; (ii) some users could be more easily recognizable using one biometric rather than another; (iii) the system invasiveness increases. A system characterized by the serial combination of multiple biometrics can be a good trade-off between verification time, performance and acceptability. However, such systems have been poorly investigated, and no support for designing the processing chain has been given so far. In this paper, we propose a novel serial scheme and a simple mathematical model able to predict the performance of two serially combined matchers as a function of the selected processing chain. Our model helps the designer find the processing chain allowing a trade-off, in particular, between performance and matching time. Experiments carried out on well-known benchmark data sets made up of face and fingerprint images support the usefulness of the proposed methodology and compare it with standard parallel fusion.},
keywords = {bio02, face, fingerprint, fusion, serial},
author = {Gian Luca Marcialis and Fabio Roli and Luca Didaci}
}
@conference { 748,
title = {Semi-supervised co-update of multiple matchers},
booktitle = {8th International Workshop on Multiple Classifiers Systems},
year = {2009},
month = {10/06/2009},
address = {Reykijavik (Iceland)},
abstract = {

Classification algorithms based on template matching are used in many applications (e.g., face recognition). The performance of template matching classifiers is obviously affected by the representativeness of the available templates. In many real applications, such representativeness can decrease substantially over time (e.g., due to {\textquotedblleft}aging{\textquotedblright} effects in biometric applications). Among the algorithms recently proposed to deal with this issue, the template co-update algorithm uses the mutual help of two complementary template matchers to update the templates over time in a semi-supervised way. However, it can be shown that the template co-update algorithm derives from a more general framework which supports the use of more than two template matching classifiers. The aim of this paper is to point out this fact and to propose the co-update of multiple matchers. Preliminary experimental results are shown to validate the proposed model.
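
One round of the co-update idea can be sketched as follows: two complementary matchers observe paired samples, and whenever one matcher accepts a sample with high confidence, the corresponding sample of the other trait is added to the other matcher's gallery. Thresholding on a single confidence value is an illustrative simplification of the algorithm.

def co_update_round(batch, match_a, match_b, gallery_a, gallery_b, t):
    # batch holds paired traits (e.g., a face and a fingerprint sample
    # captured in the same session). Each matcher labels data for the
    # other, in the spirit of co-training; t is a high update threshold.
    for sample_a, sample_b in batch:
        if match_a(sample_a, gallery_a) >= t:
            gallery_b.append(sample_b)   # matcher A vouches, B is updated
        elif match_b(sample_b, gallery_b) >= t:
            gallery_a.append(sample_a)   # matcher B vouches, A is updated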

Template representativeness is a fundamental problem in a biometric recognition system. The performance of the system degrades if the enrolled templates are unrepresentative of the substantial intra-class variations encountered in the input biometric samples. Recently, several template update methods based on supervised and semi-supervised learning have been proposed in the literature, with the aim of adapting the enrolled templates to the intra-class variations of the input data. However, the state of the art in template update is still in its infancy. This paper presents a critical review of the current approaches to template updating, in order to analyze the state of the art in terms of the advancement reached and the open issues that remain.

},
keywords = {bio04, biometrics},
author = {Ajita Rattani and Biagio Freni and Gian Luca Marcialis and Fabio Roli},
editor = {Massimo Tistarelli}
}
@conference { 780,
title = {Training SpamAssassin with Active Semi-supervised Learning},
booktitle = {6th Conference on Email and Anti-Spam (CEAS 2009)},
year = {2009},
month = {16/07/2009},
address = {Mountain View, CA, USA},
keywords = {doc00, doc02, spam filtering},
author = {Jun-Ming Xu and Giorgio Fumera and Fabio Roli and Zhi-Hua Zhou}
}
@inbook { 35,
title = {Adaptive biometric systems that can improve with use},
booktitle = {Advances in Biometrics: Sensors, Systems and Algorithms},
year = {2008},
pages = {447-471},
publisher = {Springer},
organization = {Springer},
abstract = {The performance of biometric recognition systems can degrade quickly when the input biometric traits exhibit substantial variations compared to the templates collected during the enrolment stage of the system{\textquoteright}s users. On the other hand, a lot of new unlabelled biometric data, which could be exploited to adapt the system to input data variations, becomes available during system operation over time. This chapter deals with adaptive biometric systems that can improve with use by exploiting unlabelled data. After a critical review of previous works on adaptive biometric systems, the use of semi-supervised learning methods for the development of adaptive biometric systems is discussed. Two examples of adaptive biometric recognition systems based on semi-supervised learning are presented along the chapter, and the concept of biometric co-training is introduced for the first time.},
keywords = {bio04, biometrics, template update},
author = {Fabio Roli and Luca Didaci and Gian Luca Marcialis},
editor = {N. Ratha; V. Govindaraju}
}
@conference { 308,
title = {Adversarial Pattern Classification Using Multiple Classifiers and Randomisation},
booktitle = {12th Joint IAPR International Workshop on Structural and Syntactic Pattern Recognition (SSPR 2008)},
year = {2008},
note = {

},
month = {04/12/2008},
publisher = {Springer-Verlag},
organization = {Springer-Verlag},
address = {Orlando, Florida, USA},
keywords = {adversarial classification, doc00, doc02, mcs00, Multiple Classifier Systems, spam filtering},
author = {Battista Biggio and Giorgio Fumera and Fabio Roli}
}
@conference { 236,
title = {Biometric template update: an experimental investigation on the relationship between update errors and performance degradation in face verification},
booktitle = {Joint IAPR Int. Workshop on Structural and Syntactical Pattern Recognition and Statistical Techniques in Pattern Recognition S+SSPR08},
year = {2008},
month = {04/12/2008},
publisher = {Springer},
organization = {Springer},
address = {Orlando (Florida, USA)},
abstract = {Current methods for automatic template update are aimed at capturing large intra-class variations of the input data while restricting the probability of introducing impostors into the clients{\textquoteright} galleries. These automatic methods avoid the costs of supervised update methods, which are due to repeated enrollment sessions and the manual assignment of identity labels. Most state-of-the-art template update approaches add input patterns to the claimed identity{\textquoteright}s gallery on the basis of their matching score with the existing templates, which must be above a very high {\textquotedblleft}updating{\textquotedblright} threshold. However, regardless of the value of this updating threshold, update errors do exist and have a strong impact on the effectiveness of update procedures. The introduction of impostors into the galleries may degrade performance quickly. This effect has not been studied in the literature so far; a first experimental investigation is therefore the goal of this paper, with a case study on a face verification system.},
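
The update rule described in the abstract can be sketched in a few lines; the matcher, the gallery and the threshold value are placeholders. The update error studied in the paper occurs exactly when an impostor sample clears the threshold and pollutes the gallery.

def self_update(sample, claimed_gallery, matcher, updating_threshold):
    # Add the input to the claimed identity's gallery only if it matches
    # the existing templates above a very high updating threshold. An
    # impostor scoring above the threshold still gets in: the update
    # error whose effect the paper investigates.
    score = max(matcher(sample, template) for template in claimed_gallery)
    if score >= updating_threshold:
        claimed_gallery.append(sample)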
keywords = {bio04, biometrics, face, impostors, template update},
author = {Gian Luca Marcialis and Ajita Rattani and Fabio Roli}
}
@conference { 230,
title = {Biometric template update using the graph mincut: a case study in face verification},
booktitle = {6th IEEE Biometric Symposium},
year = {2008},
month = {22/09/2008},
publisher = {IEEE},
organization = {IEEE},
address = {Tampa, Florida, USA},
abstract = {A biometric system performs poorly when the input data exhibit intra-class variations which are not well represented by the enrolled template set. This problem has recently been faced by template update techniques. The majority of the proposed techniques can be regarded as {\textquotedblleft}self-update{\textquotedblright} methods, as the system updates its own templates using the recognition results provided by those same templates. However, this approach can only exploit input data {\textquotedblleft}near{\textquotedblright} the current templates, resulting in a {\textquotedblleft}local{\textquotedblright} template optimization: only input samples very similar to the current templates are exploited for the update. To address this issue, this paper proposes a {\textquotedblleft}global{\textquotedblright} optimization of templates based on the graph mincut algorithm. The proposed approach can update templates by analysing the underlying structure of the input data collected during the system{\textquoteright}s operation. This is achieved through a graph built using a pair-wise similarity measure between enrolled and input data. This novel template update technique is investigated through its application to face verification, as a case study. The reported results show the effectiveness of the proposed technique in comparison to state-of-the-art self-update techniques.},
keywords = {bio04, biometrics, face, template update},
author = {Ajita Rattani and Gian Luca Marcialis and Fabio Roli}
}
@booklet { 222,
title = {Boosting Gallery Representativeness by Co-updating Face and Fingerprint Verification Systems},
year = {2008},
note = {This paper won the Best Paper Award at the 5th Summer School for Advanced Studies on Biometrics for Secure Authentication (http://biometrics.uniss.it).},
abstract = {The representativeness of a template gallery with respect to novel data is a well-known issue in personal verification systems based on biometrics. This problem has recently been faced by proposing {\textquotedblleft}template update{\textquotedblright} algorithms that update the enrolled templates in order to better capture and represent the subject{\textquoteright}s intra-class variations. The majority of the proposed approaches adopt the {\textquotedblleft}self{\textquotedblright} update technique, in which the system updates itself using its own knowledge. An approach named template co-update, which uses two complementary biometrics to {\textquotedblleft}co-update{\textquotedblright} each other, has shown promising, but still preliminary, results. In this paper, we investigate the performance of template co-update in comparison to self-update algorithms in an uncontrolled environment. Reported results show that template co-update can outperform the template {\textquotedblleft}self{\textquotedblright} update technique when the initially enrolled templates are poorly representative of the novel data.},
keywords = {bio04, biometrics, face, fingerprint, template update},
author = {Ajita Rattani and Gian Luca Marcialis and Fabio Roli}
}
@conference { 210,
title = {Capturing large intra-class variations of biometric data by template co-updating},
booktitle = {IEEE Workshop on Biometrics, Int. Conference on Vision and Pattern Recognition CVPR 2008},
year = {2008},
month = {23/07/2008},
pages = {1-6},
publisher = {IEEE},
organization = {IEEE},
address = {Anchorage (Alaska, USA)},
abstract = {The representativeness of a biometric template gallery with respect to novel data has recently been addressed by proposing {\textquotedblleft}template update{\textquotedblright} algorithms that update the enrolled templates in order to better capture and represent the subject{\textquoteright}s intra-class variations. The majority of the proposed approaches adopt the {\textquotedblleft}self{\textquotedblright} update technique, in which the system updates itself using its own knowledge. Recently, an approach named template co-update, which uses two complementary biometrics to {\textquotedblleft}co-update{\textquotedblright} each other, has been introduced. In this paper, we investigate whether template co-update is able to capture intra-class variations better than state-of-the-art self-update algorithms. Accordingly, experiments are conducted under two conditions, i.e., a controlled and an uncontrolled environment. Reported results show that co-update can outperform the {\textquotedblleft}self{\textquotedblright} update technique when the initially enrolled templates are poorly representative of the novel data (uncontrolled environment), whilst almost identical performances are obtained when the initially enrolled templates represent the input data well (controlled environment).},
keywords = {bio04, biometrics, face, fingerprint, template update},
isbn = {978-1-4244-2339-2},
author = {Ajita Rattani and Gian Luca Marcialis and Fabio Roli}
}
@conference { 309,
title = {Combination of experts by classifiers in similarity score spaces},
booktitle = {Joint IAPR Int. Workshop on Structural and Syntactical Pattern Recognition and Statistical Techniques in Pattern Recognition S+SSPR08},
volume = {5342},
year = {2008},
pages = {821-830},
publisher = {Springer-Verlag},
organization = {Springer-Verlag},
address = {Orlando (Florida, USA)},
abstract = {

The combination of different experts is widely used to improve the performance of a pattern recognition system. For experts whose output is a similarity score, different methods have been developed. In this paper, the combination is performed by building a similarity score space made up of the scores produced by the experts, and by training a classifier in it. Different techniques based on the use of classifiers trained on the similarity score space are proposed and compared. In particular, they are used in the framework of the Dynamic Score Selection mechanism recently proposed by the authors. Reported results on two biometric datasets show the effectiveness of the proposed approach.

},
keywords = {mcs00, mcs01},
author = {Roberto Tronci and Giorgio Giacinto and Fabio Roli},
editor = {N. da Vitoria Lobo and T. Kasparis and Fabio Roli and J. Tin-Yau Kwok and M. Georgiopoulos and G. C. Anagnostopoulos and M. Loog}
}
@conference { 310,
title = {Dynamic score combination of binary experts},
booktitle = {19th International Conference on Pattern Recognition (ICPR 2008)},
year = {2008},
month = {08/12/2008},
publisher = {IEEE Computer Society Press},
organization = {IEEE Computer Society Press},
address = {Tampa (Florida, USA)},
abstract = {The combination of experts is used to improve the performance of a classification system. In this paper we propose three dynamic score combination techniques that embed both the selection and the fusion approaches to combining experts. The proposed techniques are designed to combine binary experts that output a score measuring the degree of similarity to the positive class. Reported results on two biometric datasets show the effectiveness of the proposed techniques in terms of AUC and EER.},
keywords = {mcs00, mcs01},
author = {Roberto Tronci and Giorgio Giacinto and Fabio Roli}
}
@mastersthesis { 1351,
title = {Ensemble of binary classifiers: combination techniques and design issues},
year = {2008},
school = {University of Cagliari},
type = {PhD Thesis},
abstract = {This thesis addresses the problem of combining ensembles of binary classifiers. For each pattern, a binary classifier (or binary expert) assigns a similarity score, and a class is assigned to the pattern according to a decision threshold (i.e., if the score is higher than the threshold the pattern is assigned to the {\textquotedblleft}positive{\textquotedblright} class, otherwise to the {\textquotedblleft}negative{\textquotedblright} one). An example of this kind of classifier is a biometric authentication expert, where the expert must distinguish between {\textquotedblleft}genuine{\textquotedblright} users and {\textquotedblleft}impostor{\textquotedblright} users. The combination of different experts is currently investigated by researchers to increase the reliability of the decision. This thesis thus investigates the following two aspects: a score {\textquotedblleft}selection{\textquotedblright} methodology, and diversity measures of ensemble effectiveness. In particular, a theory of ideal score selection has been developed, and a number of selection techniques based on it have been deployed. Moreover, some of them are based on the use of classifiers as a selection support, so different uses of these classifiers are analyzed. The influence of the characteristics of the individual experts on the final performance of the combined experts has been investigated. To this end, some measures based on the characteristics of the individual experts were developed to evaluate ensemble effectiveness. The aim of these measures is to choose which of the individual experts from a bag of experts should be used in the combination. Finally, the developed methodologies were extensively tested on biometric datasets.},
url = {http://veprints.unica.it/162/1/tronci_roberto.pdf},
author = {Roberto Tronci}
}
@conference { 216,
title = {Evade Hard Multiple Classifier Systems},
booktitle = {Workshop on Supervised and Unsupervised Ensemble Methods and Their Applications (SUEMA 2008)},
year = {2008},
note = {

},
month = {21/07/2008},
address = {Patras, Greece},
keywords = {adversarial classification, doc00, doc02, mcs00, Multiple Classifier Systems, spam filtering},
author = {Battista Biggio and Giorgio Fumera and Fabio Roli}
}
@article { 211,
title = {Fingerprint silicon replicas: static and dynamic features for vitality detection using an optical capture device},
journal = {International Journal of Image and Graphics},
volume = {8},
year = {2008},
pages = {495-512},
publisher = {World Scientific},
abstract = {The automatic vitality detection of a fingerprint has become an important issue in personal verification systems based on this biometric. It has been shown that fake fingerprints made using materials like gelatine or silicone can deceive commonly used sensors. Recently, the extraction of vitality features from fingerprint images has been proposed to address this problem. Among others, static and dynamic features have so far been studied separately, so their respective merits are not yet clear, especially because the reported results were often obtained with different sensors and on small data sets, which could have obscured their relative merits due to potential small-sample-size issues. In this paper, we compare several static and dynamic features through experiments on a larger data set, using the same optical sensor for the extraction of both feature sets. We dealt with fingerprint stamps made of liquid silicone rubber. Reported results show the relative merits of static and dynamic features, and the performance improvement achievable by using both feature sets together.

},
month = {21/08/2008},
address = {Mountain View, CA, USA},
keywords = {doc00, doc02, spam filtering},
author = {Battista Biggio and Giorgio Fumera and Ignazio Pillai and Fabio Roli}
}
@article { 96,
title = {Intrusion detection in computer networks by a modular ensemble of one-class classifiers},
journal = {Information Fusion},
volume = {9},
year = {2008},
publisher = {Elsevier},
keywords = {ids00, mcs00, Multiple Classifier Systems},
author = {Giorgio Giacinto and Roberto Perdisci and Mauro Del Rio and Fabio Roli}
}
@inbook { 205,
title = {Intrusion Detection in Computer Systems using Multiple Classifier Systems},
booktitle = {Supervised and Unsupervised Ensemble Methods and Their Applications},
number = {126},
year = {2008},
pages = {91-114},
publisher = {Springer-Verlag, Berlin/Heidelberg},
organization = {Springer-Verlag, Berlin/Heidelberg},
editor = {O. Okun and G. Valentini},
keywords = {ids00, mcs00},
url = {http://springerlink.com/content/p80275821781/front-matter.pdf},
author = {Igino Corona and Giorgio Giacinto and Fabio Roli}
}
@conference { 698,
title = {On the Mathematical Formulation of the SAR Oil-Spill Observation Problem},
booktitle = {IEEE International Geoscience and Remote Sensing Symposium, 2008. IGARSS 2008},
volume = {3},
year = {2008},
pages = {III -1382-III -1385},
publisher = {IEEE Press},
organization = {IEEE Press},
author = {A. Gambardella and Giorgio Giacinto and M. Migliaccio}
}
@conference { 781,
title = {McPAD and HMMWeb: two different approaches for the detection of attacks against Web applications},
booktitle = {Italian Workshop on Privacy and Security (PRISE)},
year = {2008},
address = {Rome},
author = {Davide Ariu and Igino Corona and Giorgio Giacinto and Fabio Roli}
}
@conference { 209,
title = {Online and offline fingerprint template update using minutiae: an experimental comparison},
booktitle = {5th International Workshop on Automated Motion and Deformable Objects (AMDO 2008)},
volume = {5098},
year = {2008},
month = {09/07/2008},
pages = {441-448},
publisher = {Springer},
organization = {Springer},
address = {Andratx (Mallorca, Spain)},
abstract = {Although the template fingerprint collected during the registration phase of personal verification systems can in principle be considered representative of the subject{\textquoteright}s identity, some recent works have pointed out that it is not completely able to follow the intra-class variations of the fingerprint shape. Accordingly, making these systems adaptive to such variations is one of the most interesting problems, and is often called the {\textquotedblleft}template updating{\textquotedblright} problem. In this paper, two different approaches to fingerprint template updating are compared by experiments. The first one, already proposed in other works, relies on the concept of {\textquotedblleft}online{\textquotedblright} template updating, that is, the fingerprint template is updated while the system is operating. As an alternative, we propose {\textquotedblleft}offline{\textquotedblright} template updating, which requires the collection of a representative batch of samples while the system is operating; these samples contribute to the template update when the system is offline, that is, not operating. Preliminary experiments carried out on the FVC data sets point out some differences among the investigated approaches.},
keywords = {bio04, biometrics, fingerprint, template update},
author = {Biagio Freni and Gian Luca Marcialis and Fabio Roli},
editor = {F.J. Perales and R.B. Fisher}
}
@article { 189,
title = {Performance of fingerprint quality measures depending on sensor technology},
journal = {Journal of Electronic Imaging},
volume = {17},
year = {2008},
note = {Please contact the authors if you want to receive an electronic copy of the paper.},
publisher = {SPIE Press},
abstract = {Although many image quality measures have been proposed for fingerprints, few works have taken into account how differences among capture devices impact image quality. In this paper, several representative measures for assessing the quality of fingerprint images are compared using an optical and a capacitive sensor. We implement and test a representative set of measures that rely on different fingerprint image features for quality assessment. Their capability to discriminate between images of different quality, and its relationship with verification performance, is studied. For our verification experiments, we use a minutiae-based and a ridge-based matcher, which are the most common approaches to fingerprint recognition. We report differences depending on the sensor, and interesting relationships between sensor technology and the features used for quality assessment are also pointed out.},
keywords = {bio03, biometrics, fingerprint, quality},
author = {Fernando Alonso and Fabio Roli and Gian Luca Marcialis and Julian Fierrez and Javier Ortega}
}
@conference { 207,
title = {Replacement algorithms for fingerprint template update},
booktitle = {5th International Conference on Image Analysis and Recognition (ICIAR 2008)},
volume = {5112},
year = {2008},
month = {25/06/2008},
pages = {884-893},
publisher = {Springer},
organization = {Springer},
abstract = {Semi-supervised fingerprint template update is a relatively novel topic in which the problem of template representativeness with respect to unknown data has been pointed out. Current approaches to template update are based on the insertion of a novel template into the gallery, and/or the fusion of the template with an existing one. The automatic replacement of an existing template by a novel one is another possibility which has not yet been investigated. This paper is a first attempt to study the feasibility of using template replacement algorithms in fingerprint verification systems. Replacement is performed online, which can be considered a sort of {\textquotedblleft}worst case{\textquotedblright} for this approach. Preliminary experiments are carried out on the four data sets of the FVC2002 event.},
keywords = {bio04, biometrics, fingerprint, template update},
author = {Biagio Freni and Gian Luca Marcialis and Fabio Roli},
editor = {A. Campihlo and M. Kamel}
}
@conference { 235,
title = {Template Selection by Editing Algorithms: a Case Study in Face Recognition},
booktitle = {Joint IAPR Int. Workshop on Structural and Syntactical Pattern Recognition and Statistical Techniques in Pattern Recognition S+SSPR08},
year = {2008},
month = {04/12/2008},
publisher = {Springer},
organization = {Springer},
address = {Orlando (Florida, USA)},
abstract = {In this paper, we consider the problem of template selection in biometric systems as analogous to the problem, called {\textquotedblleft}editing{\textquotedblright}, of selecting representative prototypes for the 1-Nearest Neighbour (NN) classifier. Four editing algorithms are used and compared by experiments with state-of-the-art template selection algorithms. Experiments are performed on a benchmark face data set. Reported results show the pros and cons of editing algorithms for template selection in biometric systems.},
keywords = {bio04, biometrics, face, template selection},
author = {Biagio Freni and Gian Luca Marcialis and Fabio Roli}
}
@article { 193,
title = {A Theoretical Analysis of Bagging as a Linear Combination of Classifiers},
journal = {IEEE Transactions on Pattern Analysis and Machine Intelligence},
volume = {30},
year = {2008},
month = {07/2008},
pages = {1293-1299},
publisher = {IEEE Computer Society},
abstract = {

We apply an analytical framework for the analysis of linearly combined classifiers to ensembles generated by bagging. This provides an analytical model of the bagging misclassification probability as a function of the ensemble size, which is a novel result in the literature. Experimental results on real data sets confirm the theoretical predictions. This allows us to derive a novel and theoretically grounded guideline for choosing the bagging ensemble size. Furthermore, our results are consistent with explanations of bagging in terms of classifier instability and variance reduction, support the optimality of the simple average over the weighted average combining rule for ensembles generated by bagging, and apply to other randomization-based methods for constructing classifier ensembles. Although our results do not allow comparing the bagging misclassification probability with that of an individual classifier trained on the original training set, we discuss how the considered theoretical framework could be exploited to this aim.

},
keywords = {combining rules, ensemble construction, linear combiners, mcs01, mcs02, Multiple Classifier Systems},
author = {Giorgio Fumera and Fabio Roli and Alessandra Serrau}
}
@conference { 237,
title = {A Theoretical and Experimental Analysis of Template Co-update in Biometric Verification Systems},
booktitle = {Joint IAPR Int. Workshop on Structural and Syntactical Pattern Recognition and Statistical Techniques in Pattern Recognition S+SSPR08},
year = {2008},
month = {04/12/2008},
publisher = {Springer},
organization = {Springer},
address = {Orlando (Florida, USA)},
abstract = {Template update in biometric recognition systems is aimed at improving the representativeness of the available templates, in order to make them adaptive to the large intra-class variations characterizing biometrics (e.g., fingerprints and faces). Among others, semi-supervised approaches to template update have recently been proposed. Since the lack of representativeness is due to the impossibility of sampling all possible variations of a given client{\textquoteright}s biometric, these approaches exploit samples submitted during the recognition phase by adding the {\textquotedblleft}highly genuine{\textquotedblright} ones to the related client gallery. In particular, the template co-update algorithm, which uses the mutual help of two complementary biometric matchers, has shown promising experimental results. However, no theoretical model has been proposed to explain the behaviour of the co-update algorithm and support the experimental results. This is the goal of this paper. Experimental results confirm the correctness of the proposed theoretical model.},
keywords = {bio04, biometrics, co-updating, face, fingerprint, template update},
author = {Luca Didaci and Gian Luca Marcialis and Fabio Roli}
}
@conference {307,
title = {Video Biometric Surveillance and Forensic Image Analysis},
booktitle = {First Workshop on Video Surveillance projects in Italy (VISIT 2008)},
year = {2008},
month = {22/05/2008},
address = {Modena (Italy)},
abstract = {In this paper, we describe two research projects involving the Department of Electrical and Electronic Engineering (DIEE) of the University of Cagliari. They are related to the application of biometrics to environmental video-surveillance and forensic sciences. In the first one, entitled {\textquotedblleft}Procedure for Object Recognition and Processing of Multi-Input Images{\textquotedblright} (PRiO), DIEE has been involved as a consultant of the company Vitrociset S.p.A. The second one, entitled {\textquotedblleft}State of the art on methods and algorithms for automatic analysis of fingerprint images and for fake fingerprints identification{\textquotedblright}, is in the context of an agreement between DIEE and the Scientific Investigation Office (Ra.C.I.S.) of the {\textquotedblleft}Arma dei Carabinieri{\textquotedblright} (the militia maintained by the Italian government for police duties). The PRiO project focuses on the development of an intelligent system of sensors for the control of wide reserved areas. The sensors can interact with each other in order to detect the presence of subjects in the scene (cars or humans), to track the subject identity after it passes through a proximity biometric verification system, and to signal unusual situations to a human operator. The system is also able to plan counter-measures on the basis of models managed by a tactical simulation software. The role of DIEE consists in the development of some fundamental modules of the project: a proximity biometric verification system based on faces and fingerprints, a module for extracting ancillary information from a tracked subject (height, gait speed), and a module for discriminating between cars and humans in a scene. The Ra.C.I.S. project consists in the development of a set of software modules aimed at processing and comparing latent fingerprint images, as well as a prototype module which helps the human expert discriminate latent fingerprints released by a live finger from those released by a fake finger.},
keywords = {bio03, fingerprints, forensics},
url = {http://imagelab.ing.unimore.it/visit2008/indice.asp},
author = {Gian Luca Marcialis and Fabio Roli and Pietro Andronico and Paolo Multineddu and Pietro Coli and Giovanni Delogu}
}
@mastersthesis {760,
title = {Vitality detection in personal authentication systems using fingerprints},
year = {2008},
pages = {121},
type = {PhD Thesis},
address = {Cagliari (Italy)},
abstract = {

Fingerprints have always been a means of identification due to some important properties: universality (everyone has them), permanence in time (they do not change as time passes), and individuality (no two fingerprints are identical). From the first forensic applications to the latest biometric technology applied to access control, fingerprints are considered a distinctive sign of each human being. But in 2002 an important vulnerability was shown: it is possible to deceive fingerprint scanners through artificial replicas of fingertips. Several studies, using different materials, have demonstrated that all tested scanners (based on different physical principles) are unable to distinguish fake from live fingertips. The first goal of this Ph.D. thesis has been to investigate the current state of the art in fingerprint vitality detection. Since the state of the art lacks a systematic classification of all the current methods, we arranged the existing hardware-based and software-based approaches into a specific taxonomy on the basis of the sensing methodology or of the physical phenomenon which is considered a sign of life (elastic deformation, perspiration or morphology of the skin). The second contribution of this Ph.D. thesis is the development of two new approaches, which we call power spectrum and ridge-width fingerprint vitality detection. We believe this Ph.D. thesis contributed a first interpretation key for all the current methods as well as innovative proposals in fingerprint vitality detection.

A biometric system for user authentication produces a matching score representing the degree of similarity of the input biometry with the set of templates for that user. If the score is greater than a prefixed threshold, the user is accepted; otherwise the user is rejected. Typically, the performance is evaluated in terms of the Receiver Operating Characteristic (ROC) curve and the Equal Error Rate (EER). In order to increase the reliability of authentication through biometrics, the combination of different biometric systems is currently investigated by researchers. While a number of "fusion" algorithms have been proposed in the literature, in this paper we propose a theoretical analysis of a novel approach based on the "dynamic selection" of matching scores. Such a selector aims at choosing, for each user to be authenticated, just one of the scores produced by the different biometric systems available. We show that the "dynamic selection" of matching scores can provide a better ROC than those of the individual biometric systems. Reported results on the FVC2004 dataset confirm the theoretical analysis, and show that the proposed "dynamic selection" approach is more effective when low-quality scores are used.

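The selection criterion is not specified in the abstract above; purely as an illustration, the following hypothetical sketch keeps, for each authentication attempt, the score of the matcher whose input was judged of higher quality, then applies the usual threshold test (the quality-based criterion and all names are assumptions):

# Hypothetical sketch of score-level "dynamic selection": per attempt,
# keep the score of the matcher with the higher input-quality estimate,
# then threshold it. The quality criterion is an assumption, not the
# paper's actual selection rule.
def dynamic_selection(scores, qualities, threshold):
    """scores, qualities: one value per matcher for this attempt."""
    best = max(range(len(scores)), key=lambda i: qualities[i])
    return ("accept" if scores[best] > threshold else "reject"), scores[best]

decision, s = dynamic_selection(scores=[0.62, 0.35],
                                qualities=[0.9, 0.4],
                                threshold=0.5)
print(decision, s)  # accept 0.62
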
Automatic Fingerprint Identification Systems (AFISs) are widely used in criminal investigations for matching the latent fingerprints found at the crime scene with those registered in the police database. As databases usually contain an enormous number of fingerprints, the time required to identify potential suspects can be extremely long. Therefore, a classification phase is performed to whittle down and thus speed up the search. Latent fingerprints are classified into five classes known as Henry classes. In this way each fingerprint only needs to be matched against records of the corresponding class contained in the database. Many fingerprint classification methods have been proposed to date, but only a few of these exploit graph-based, or structural, representations of fingerprints. The results reported in the literature indicate that classical statistical methods outperform structural methods on benchmark fingerprint databases. However, recent works have shown that graph-based methods can offer some advantages for fingerprint classification which warrant further investigation, especially when combined with statistical methods. This chapter opens with a critical review of the main graph-based and structural fingerprint classification methods. Then, these methods are compared with the statistical methods currently used for fingerprint classification. Experimental comparisons using a benchmark fingerprint database are described, and the benefits of fusing graph-based and statistical methods are investigated. The chapter closes with some considerations on the present utility and future potential of graph-based methods for fingerprint classification.

We address the problem of filtering image spam, a rapidly spreading kind of spam in which the text message is embedded into attached images to defeat spam filtering techniques based on the analysis of the e-mail{\textquoteright}s body text. We propose an approach based on low-level image processing techniques to detect one of the main characteristics of most image spam, namely the use of content obscuring techniques to defeat OCR tools. A preliminary experimental evaluation of our approach is reported on a publicly available personal data set of spam images.

In this paper we focus on the so-called "image spam", which consists in embedding the spam message into images attached to e-mails to circumvent statistical techniques based on the analysis of the body text of e-mails (like "Bayesian filters"), and in applying content obscuring techniques to such images to make them unreadable by standard OCR systems without compromising human readability. We argue that a prominent role against image spam will be played by computer vision techniques, in particular visual pattern recognition and image processing techniques. We then discuss two possible approaches to defeat image spam: exploiting the high-level textual information embedded into images by combining OCR and text categorization techniques, and exploiting the low-level image information to detect content obscuring techniques applied to spam images. We also report some results of an experimental investigation on a large data set of spam e-mails, aimed at evaluating the effectiveness of combining standard OCR and text categorization techniques, and preliminary results on the use of low-level features to detect image defects (like broken or merged characters in a binarized image) which are typical consequences of the content obscuring techniques that spammers are using.

A biometric system produces a matching score representing the degree of similarity of the input with the set of templates for that user. If the score is greater than a prefixed threshold, the user is accepted; otherwise the user is rejected. Typically, the performance is evaluated in terms of the Receiver Operating Characteristic (ROC) curve, where the correct acceptance rate is plotted against the false authentication rate. A measure used to characterise a ROC curve is the Area Under the Curve (AUC): the larger the AUC, the better the ROC. In order to increase the reliability of authentication through biometrics, the combination of different biometric systems is currently investigated by researchers. In this paper two open problems are addressed: the selection of the experts to be combined and the related performance improvement. To this end we propose an index for selecting the experts to be combined, with the aim of maximising the AUC. Reported results on the FVC2004 dataset show the effectiveness of the proposed index.

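A standard identity makes the "larger AUC is better" statement above concrete (notation assumed here): the AUC equals the probability that a randomly drawn genuine score exceeds a randomly drawn impostor score,

\[
\mathrm{AUC} = P\left(S_{\mathrm{gen}} > S_{\mathrm{imp}}\right),
\]

so maximising the AUC of the combined experts amounts to maximising the chance that genuine users outscore impostors, independently of the decision threshold.
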
The performance of face recognition systems based on principal component analysis can degrade quickly when input images exhibit substantial variations, due for example to changes in illumination or pose, compared to the templates collected during the enrolment stage. On the other hand, many new unlabelled face images, which could potentially be used to update the templates and re-train the system, become available during system operation. In this paper a semi-supervised version of the classical PCA-based face recognition algorithm, based on the self-training method, is proposed to exploit unlabelled data for off-line updating of the eigenspace and the templates. Reported results show that the exploitation of unlabelled data by self-training can substantially improve the performance achieved with a small set of labelled training examples.

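A minimal sketch of the self-training loop described above, assuming a nearest-template matcher in eigenspace and a fixed distance threshold as the confidence rule (both are illustrative assumptions, as are all names):

# Minimal sketch of self-training for PCA-based face recognition.
# The nearest-template matcher and the distance-threshold confidence
# rule are illustrative assumptions, not the paper's exact scheme.
import numpy as np
from sklearn.decomposition import PCA

def self_train(X_lab, y_lab, X_unlab, n_components=20, tau=10.0, rounds=3):
    """Grow the labelled gallery with confidently matched unlabelled
    images, refitting the eigenspace after each round."""
    X, y, pool = X_lab.copy(), y_lab.copy(), X_unlab.copy()
    for _ in range(rounds):
        if len(pool) == 0:
            break
        pca = PCA(n_components=min(n_components, len(X) - 1)).fit(X)
        T = pca.transform(X)      # current templates in eigenspace
        P = pca.transform(pool)   # unlabelled images in eigenspace
        d = np.linalg.norm(P[:, None, :] - T[None, :, :], axis=2)
        nearest = d.argmin(axis=1)      # closest template per image
        conf = d.min(axis=1) < tau      # "confident" matches only
        if not conf.any():
            break
        X = np.vstack([X, pool[conf]])              # enlarge gallery
        y = np.concatenate([y, y[nearest[conf]]])   # propagate labels
        pool = pool[~conf]
    return X, y
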
In this paper the performance of bagging in classification problems is theoretically analysed, using a framework developed in works by Tumer and Ghosh and extended by the authors. A bias-variance decomposition is derived, which relates the expected misclassification probability attained by linearly combining classifiers trained on N bootstrap replicates of a fixed training set to that attained by a single bootstrap replicate of the same training set. Theoretical results show that the expected misclassification probability of bagging has the same bias component as a single bootstrap replicate, while the variance component is reduced by a factor N. Experimental results show that the performance of bagging as a function of the number of bootstrap replicates follows quite well our theoretical prediction. It is finally shown that theoretical results derived for bagging also apply to other methods for constructing multiple classifiers based on randomisation, such as the random subspace method and tree randomisation.

In this paper, a theoretical and experimental analysis of linear combiners for multiple classifier systems is presented. Although linear combiners are the most frequently used combining rules, many important issues related to their operation for pattern classification tasks lack a theoretical basis. After a critical review of the framework developed in works by Tumer and Ghosh, on which our analysis is based, we focus on the simplest and most widely used implementation of linear combiners, which consists in assigning a non-negative weight to each individual classifier. Moreover, we consider the ideal performance of this combining rule, i.e., that achievable when the optimal values of the weights are used. We do not consider the problem of weights estimation, which has been extensively addressed in the literature. Our theoretical analysis shows how the performance of linear combiners, in terms of misclassification probability, depends on the performance of individual classifiers, and on the correlation between their outputs. In particular, we evaluate the ideal performance improvement that can be achieved using the weighted average over the simple average combining rule, and investigate in what way it depends on the individual classifiers. Experimental results on real data sets show that the behaviour of linear combiners agrees with the predictions of our analytical model. Finally, we discuss the contribution to the state of the art and the practical relevance of our theoretical and experimental analysis of linear combiners for multiple classifier systems.

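In symbols (notation assumed here), the combining rule analysed above estimates the posterior of class \omega_i by the weighted average of the individual classifiers' estimates,

\[
\hat{P}(\omega_i \mid x) = \sum_{j=1}^{N} w_j\, \hat{P}_j(\omega_i \mid x),
\qquad w_j \ge 0,\ \sum_{j=1}^{N} w_j = 1,
\]

which reduces to the simple average when w_j = 1/N; the question studied above is how much the optimal weights can improve on this special case.
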
In this paper, we investigate the usefulness of the reject option in text categorisation systems. The reject option is introduced by allowing a text classifier to withhold the decision of assigning or not assigning a document to any subset of categories for which the decision is considered not sufficiently reliable. To automatically handle rejections, a two-stage classifier architecture is used, in which documents rejected at the first stage are automatically classified at the second stage, so that no rejections eventually remain. The performance improvement achievable by using the reject option is assessed on a real text categorisation task, using the well-known Reuters data set.

The aim of this paper is to evaluate the potential usefulness of the reject option for text categorisation (TC) tasks. The reject option is a technique used in statistical pattern recognition for improving classification reliability. Our work is motivated by the fact that, although the reject option proved to be useful in several pattern recognition problems, it has not yet been considered for TC tasks. Since TC tasks differ from usual pattern recognition problems in the performance measures used and in the fact that documents can belong to more than one category, we developed a specific rejection technique for TC problems. The performance improvement achievable by using the reject option was experimentally evaluated on the Reuters dataset, which is a standard benchmark for TC systems.

Classification is an important step towards fingerprint recognition. In the classification stage, fingerprints are usually associated to one of the five classes {\textquotedblleft}A{\textquotedblright}, {\textquotedblleft}L{\textquotedblright}, {\textquotedblleft}R{\textquotedblright}, {\textquotedblleft}T{\textquotedblright}, {\textquotedblleft}W{\textquotedblright}. The aim is to reduce the number of comparisons that are necessary for recognition. Many approaches to fingerprint classification have been proposed so far, but very few works investigated the potentialities of combining statistical and structural algorithms. In this paper, an approach to the fusion of statistical and structural fingerprint classifiers is presented and experiments that show the potentialities of such fusion are reported.

When the cost of misclassifications is very high, it is useful to allow a pattern classification system to withhold the automatic classification of an input pattern if it is considered unreliable. This is known as the reject option. Rejected patterns must be handled manually or fed to a more accurate and more costly classifier. It is thus necessary to find a trade-off between rejection and misclassification rates. In the framework of minimum risk theory, the optimal classification rule with the reject option was defined by C.K. Chow in 1957. However, the optimality of Chow{\textquoteright}s rule relies on the exact knowledge of the class posterior probabilities, which in practical applications are usually unknown. Moreover, while some classifiers (like neural networks) provide estimates of the posteriors, other classifiers (like support vector machines, SVMs) do not: in such cases the reject option has to be implemented using different estimates of classification reliability. So far, few works in the literature have addressed the problem of designing effective classification rules with the reject option in real applications, and none of them attempted to give theoretical support to such rules, taking into account the non-optimality of Chow{\textquoteright}s rule. A case of particular interest is the SVM classifier: despite its strong theoretical roots in statistical learning theory and its effectiveness in several real applications, no work has so far addressed the issue of implementing a reject option in SVMs in a principled way.

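For concreteness (threshold symbols assumed here), Chow's rule assigns x to the class of maximum posterior probability whenever that maximum reaches a threshold T, and rejects otherwise:

\[
\max_i P(\omega_i \mid x) \ge T \;\Longrightarrow\; \text{assign } x \text{ to } \arg\max_i P(\omega_i \mid x),
\qquad \text{otherwise reject};
\]

the class-related variant proposed below replaces the single T with one threshold T_k per class, accepting when the winning class \omega_k satisfies P(\omega_k \mid x) \ge T_k.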

In this thesis we address the two topics mentioned above. As a first contribution, we analyse the effects of estimation errors on the performance of Chow{\textquoteright}s rule and propose a new rejection rule based on using a different rejection threshold for each class, formally proving that it can achieve a better error-reject trade-off than Chow{\textquoteright}s rule in the presence of estimation errors on the a posteriori probabilities. We also analyse the improvement of the error-reject trade-off which can be attained by ensembles of linearly combined classifiers, by extending an analytical model derived in works by Tumer and Ghosh. As the second contribution, we propose a method for implementing a reject option in SVM classifiers. Our method is based on a modification of the objective function of the SVM learning algorithm which allows the reject option to be included in the resulting decision function, with the aim of preserving the capacity control capability of the original SVM learning algorithm.